Webhooks
Set up webhooks to receive real-time event notifications from Enafeedback in your own systems.
Last updated on
Webhooks let you receive event-driven notifications from Enafeedback. When an event occurs (e.g., a new survey response), Enafeedback sends an HTTP POST request to your configured endpoint with a JSON payload.
Creating a webhook
- Navigate to Global Settings → Integrations → Webhooks.
- Click Add webhook endpoint.
- Enter the Endpoint URL — the HTTPS URL that will receive events.
- Select the Events you want to subscribe to.
- Click Save.
A secret key is generated automatically for signature verification.
Webhook endpoints must use HTTPS. HTTP endpoints are rejected for security reasons.
Events
| Event | Trigger |
|---|---|
survey.response.created | A visitor submits a survey response |
survey.response.updated | A visitor updates a previously submitted response |
hygiene.submission.created | A visitor submits a hygiene assessment |
feedback.ticket.created | A new feedback ticket is submitted |
feedback.ticket.status_changed | A ticket's status changes |
cleaning.log.created | A cleaning staff member submits a check-in |
poster.scanned | A QR code is scanned (fires before the form loads) |
You can subscribe to all events (*) or a specific subset.
Payload format
All webhook payloads share a common envelope:
{
"id": "evt_01HXYZ...",
"event": "survey.response.created",
"created_at": "2026-06-07T10:30:00Z",
"workspace_id": "ws_abc123",
"data": {
// Event-specific fields
}
}Example: survey.response.created
{
"id": "evt_01HXYZ",
"event": "survey.response.created",
"created_at": "2026-06-07T10:30:00Z",
"workspace_id": "ws_abc123",
"data": {
"session_id": "ses_001",
"survey_id": "srv_456",
"survey_version": 3,
"location_id": "loc_789",
"location_name": "Reception",
"completed_at": "2026-06-07T10:30:00Z",
"duration_seconds": 47,
"answers": [
{ "question_id": "q1", "type": "rating", "value": 5 },
{ "question_id": "q2", "type": "text", "value": "Very helpful staff" }
]
}
}Signature verification
Every webhook request includes an X-Enafeedback-Signature header. This is an HMAC-SHA256 signature of the raw request body using your endpoint's secret key.
To verify the signature:
import { createHmac } from 'node:crypto';
function verifyWebhook(body: string, signature: string, secret: string): boolean {
const expected = createHmac('sha256', secret)
.update(body)
.digest('hex');
return `sha256=${expected}` === signature;
}Always verify signatures before processing payloads.
Retry policy
If your endpoint returns a non-2xx response (or times out), Enafeedback retries with exponential backoff:
| Attempt | Delay |
|---|---|
| 1st retry | 30 seconds |
| 2nd retry | 5 minutes |
| 3rd retry | 30 minutes |
| 4th retry | 2 hours |
After 4 failed retries, the delivery is marked as failed and no further retries occur. Failed deliveries are visible in the webhook delivery log.
Delivery log
Global Settings → Integrations → Webhooks → [Endpoint] → Deliveries shows:
- Event type
- Delivery timestamp
- HTTP response status
- Response body (for debugging)
- Retry count
You can manually retry any failed delivery from this log.
Testing a webhook
Click Send test event from the endpoint configuration page to send a sample payload to your endpoint. The test event uses mock data and is clearly marked with "test": true in the payload.
Disabling and deleting endpoints
- Disable — Temporarily stops sending events without losing configuration. Re-enable at any time.
- Delete — Permanently removes the endpoint and its delivery log. The secret key is invalidated immediately.