Webhooks are user-defined HTTP callbacks which create notifications by Atlas events to destination systems.
Webhook Topics
| Topic | Category | Description |
|---|---|---|
| account.customer.linked | ACCOUNT | Subscribe to customer linked to an account changes |
| account.customer.unlinked | ACCOUNT | Subscribe to customer ulinked from an account changes |
| conversation | CONVERSATION | Subscribe to conversation changes |
| conversation.agent | CONVERSATION | Subscribe to conversation agent changes |
| conversation.tags | CONVERSATION | Subscribe to conversation tag changes |
| conversation.custom_field | CONVERSATION | Subscribe to conversation custom field changes |
| conversation.status | CONVERSATION | Subscribe to conversation status changes |
| conversation.priority | CONVERSATION | Subscribe to conversation priority changes |
| customer | CUSTOMER | Subscribe to customer changes |
| customer.identify | CUSTOMER | Subscribe to customer changes |
| customer.created | CUSTOMER | Subscribe to customer changes |
| customer.updated | CUSTOMER | Subscribe to customer changes |
| customer.custom_fields | CUSTOMER | Subscribe to customer custom field changes |
| customer_notes | NOTES | Subscribe to customer notes created/updated event |
| customer_notes.deleted | NOTES | Subscribe to customer notes deletion event |
Webhook Security
Webhook requests will contain two headers which can be used to verify the request’s authenticity:
X-Atlas-Webhook-Signature– the main signature which is the hex-encoded HMAC SHA256 hash of{TIMESTAMP}.{PAYLOAD}X-Atlas-Webhook-Timestamp– the float timestamp used to verify the signature
To verify the signature, create the same HMAC SHA256 signature and compare it to the webhook signature header to ensure that they match.
Python code that generates the headers
def get_webhook_signature_hash(payload: dict, secret: str, timestamp: float) -> str:
key = secret.encode("ascii")
msg = f"{timestamp}.{payload}".encode("utf-8")
return hmac.new(key, msg, hashlib.sha256).hexdigest()Note – the webhook request body would be of the following shape
{
"event": "customer_notes.deleted",
"data": "{\"id\": \"...\", \"company_id\": \"...\", \"object_type\": \"customer\", \"object_id\": \"...\", \"text\": \"...\", \"created_by\": \"...\", \"created_at\": \"...\", \"updated_at\": \"...\", \"creator\": {...}, \"edited\": false}"
}To verify the signature, the body has to be used as is, before JSON decoding:
payload = {
"event": "customer_notes.deleted",
"data": "{\"id\": \"...\", \"company_id\": \"...\", \"object_type\": \"customer\", \"object_id\": \"...\", \"text\": \"...\", \"created_by\": \"...\", \"created_at\": \"...\", \"updated_at\": \"...\", \"creator\": {...}, \"edited\": false}"
}
timestamp = req.headers.get("X-Atlas-Webhook-Timestamp")
secret = "<unique secret per webhook subscription>" # available in Atlas App Config
get_webhook_signature_hash(payload, secret, timestamp)