Skip to main content

Available Events

submission.created

New form submission received

submission.qualified

Submission met qualification criteria

submission.updated

Submission data was modified

submission.deleted

Submission was deleted

Webhook Payload

Each webhook delivers a JSON payload with event details: 
{
  "event": "submission.created",
  "timestamp": "2024-01-15T10:30:00Z",
  "data": {
    "submission_id": "sub_abc123",
    "form_id": "form_xyz789",
    "fields": {
      "email": "[email protected]",
      "name": "John Doe",
      "message": "Hello!"
    }
  }
}

Signature Verification

All webhook requests include a signature header for verification. Always verify the signature to ensure the request came from Orbit AI: 
const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from('sha256=' + expectedSignature)
  );
}

Best Practices

Respond quickly

Return a 2xx response within 5 seconds. Process asynchronously if needed.

Verify signatures

Always validate the webhook signature before processing.

Handle retries

Webhooks are retried on failure. Implement idempotency to avoid duplicates.

Next Steps

Webhook Docs

Full webhook documentation

API Reference

Manage webhooks via API