Skip to main content

Before you begin

Webhooks are managed from the Admin area of your Zivio platform. You will need:
  • An admin account with permission to manage webhooks. If you cannot see the Webhooks section, ask your platform administrator to grant you access.
  • A publicly reachable HTTPS endpoint that can accept POST requests and return a 2xx response.
Webhook URLs must be public HTTPS addresses. Internal, private, or local addresses are not permitted.

Creating a webhook

1

Open the Webhooks admin

Navigate to the Admin area and select Webhooks.
2

Add a new webhook

Choose Add Webhook and complete the form:
  • Name — a label to help you identify the webhook.
  • URL — the HTTPS endpoint that will receive events.
  • Description — optional notes about what this webhook is for.
  • Events — tick the events you want to receive. You can select individual events, an entire category at once, or all events.
3

Save and store your signing secret

When the webhook is created, Zivio shows you a signing secret that begins with whsec_.
The full signing secret is shown only once, at creation. Copy it and store it securely — you will need it to verify incoming requests. If you lose it, you can rotate the secret to generate a new one.
After this, only the last few characters of the secret are ever displayed, so you can identify which secret is in use without exposing it.

What your webhook will receive

The data in each event payload reflects the permissions of the admin who created the webhook — the owner. A webhook only receives events for resources its owner is allowed to see, and the payload is shaped exactly as that owner would see it through the v4 API. Keep this in mind when choosing who creates a webhook.
For a service-style integration, create the webhook from an admin account that has the level of access your integration needs — no more, no less.

Sending a test event

Once your webhook is set up, you can send a test event to confirm your endpoint is reachable and your signature verification works. A test event has the type webhook.test and a simple placeholder payload, so it is safe to send at any time without affecting real data.

Managing an existing webhook

From the Webhooks admin you can:
  • Edit a webhook’s name, URL, description, and subscribed events.
  • Rotate the signing secret — this immediately invalidates the old secret and shows you a new one once. Your endpoint will reject requests until you update the stored secret on your side, so rotate during a maintenance window if possible.
  • Disable a webhook to stop deliveries without deleting its history.
  • Review the health of each webhook — recent delivery status and success rates are shown on the webhooks list.

Reviewing deliveries

Every attempt to send an event is recorded. From the Deliveries view you can browse and filter deliveries by webhook, event type, status, and date, and open any delivery to inspect its request and response details. You can also resend a past delivery if needed.
When you resend an event, your endpoint receives it as a brand-new event with a new ID. If your system de-duplicates by event ID, it will treat the resend as a separate event.

Next steps

Event Types

See everything you can subscribe to.

Verifying Signatures

Secure your endpoint against forged requests.