Goldilocks Docs
Developers

Webhooks

Receive real-time notifications about conversations and events

Webhooks send real-time HTTP notifications to your server when events occur in Goldilocks. Use them to integrate with your systems, trigger automations, or build custom functionality.

How Webhooks Work

  1. You register a webhook URL
  2. Subscribe to specific events
  3. When events occur, we POST to your URL
  4. Your server processes the webhook
  5. Return 200 OK to acknowledge

Setting Up Webhooks

Via Dashboard

  1. Go to Settings > Webhooks or AI Agents > Workflows
  2. Click Add Webhook
  3. Enter:
    • URL - Your endpoint
    • Events - What to subscribe to
    • Secret - For signature verification
  4. Save

Via API

POST /v1/webhooks
Authorization: Bearer your-api-key
Content-Type: application/json

{
  "url": "https://yoursite.com/goldilocks-webhook",
  "events": ["conversation.started", "conversation.ended", "escalation"],
  "secret": "your-webhook-secret"
}

Available Events

Conversation Events

EventDescription
conversation.startedNew conversation began
conversation.endedConversation concluded
conversation.messageNew message in conversation

Escalation Events

EventDescription
escalationConversation escalated to human
escalation.submittedCustomer submitted contact info

Workflow Events

EventDescription
workflow.triggeredCustom workflow triggered

Analytics Events

EventDescription
rundown.generatedNew rundown available

Webhook Payload

Headers

Content-Type: application/json
X-Goldilocks-Signature: sha256=abc123...
X-Goldilocks-Event: conversation.started
X-Goldilocks-Delivery-Id: del_abc123

Conversation Started

{
  "event": "conversation.started",
  "timestamp": "2024-01-15T10:00:00Z",
  "data": {
    "conversationId": "conv_abc123",
    "customerId": "cust_12345",
    "customerLabel": "John Smith",
    "persona": "support-agent",
    "metadata": {}
  }
}

Conversation Message

{
  "event": "conversation.message",
  "timestamp": "2024-01-15T10:00:05Z",
  "data": {
    "conversationId": "conv_abc123",
    "messageId": "msg_xyz789",
    "role": "customer",
    "content": "How do I return my order?",
    "customerId": "cust_12345"
  }
}

Conversation Ended

{
  "event": "conversation.ended",
  "timestamp": "2024-01-15T10:05:00Z",
  "data": {
    "conversationId": "conv_abc123",
    "customerId": "cust_12345",
    "status": "resolved",
    "messageCount": 6,
    "duration": 300,
    "tags": ["returns", "orders"]
  }
}

Escalation

{
  "event": "escalation",
  "timestamp": "2024-01-15T10:03:00Z",
  "data": {
    "conversationId": "conv_abc123",
    "customerId": "cust_12345",
    "customerLabel": "John Smith",
    "customerEmail": "john@example.com",
    "reason": "customer_request",
    "lastMessage": "I'd like to speak to a human",
    "transcript": [
      {
        "role": "customer",
        "content": "How do I return my order?",
        "timestamp": "2024-01-15T10:00:00Z"
      },
      // ... more messages
    ]
  }
}

Workflow Triggered

{
  "event": "workflow.triggered",
  "timestamp": "2024-01-15T10:02:00Z",
  "data": {
    "workflowId": "wf_abc123",
    "workflowSlug": "cancel-order",
    "conversationId": "conv_abc123",
    "customerId": "cust_12345",
    "extracted": {
      "orderId": "ORD-12345",
      "reason": "changed my mind"
    }
  }
}

Signature Verification

Verify webhooks are from Goldilocks using the signature header.

Node.js

const crypto = require('crypto');

function verifySignature(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  const received = signature.replace('sha256=', '');
  
  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(received)
  );
}

// In your webhook handler
app.post('/webhook', express.raw({ type: 'application/json' }), (req, res) => {
  const signature = req.headers['x-goldilocks-signature'];
  
  if (!verifySignature(req.body, signature, WEBHOOK_SECRET)) {
    return res.status(401).send('Invalid signature');
  }
  
  const event = JSON.parse(req.body);
  // Process event...
  
  res.status(200).send('OK');
});

Python

import hmac
import hashlib

def verify_signature(payload, signature, secret):
    expected = hmac.new(
        secret.encode(),
        payload.encode(),
        hashlib.sha256
    ).hexdigest()
    
    received = signature.replace('sha256=', '')
    return hmac.compare_digest(expected, received)

PHP

function verifySignature($payload, $signature, $secret) {
    $expected = 'sha256=' . hash_hmac('sha256', $payload, $secret);
    return hash_equals($expected, $signature);
}

Handling Webhooks

Best Practices

  1. Respond quickly - Return 200 within 30 seconds
  2. Process asynchronously - Queue heavy work
  3. Handle duplicates - Same event may send multiple times
  4. Verify signatures - Always validate authenticity

Example Handler

app.post('/webhook', async (req, res) => {
  // Verify signature
  if (!verifySignature(req.body, req.headers['x-goldilocks-signature'])) {
    return res.status(401).send('Unauthorized');
  }
  
  const event = req.body;
  
  // Acknowledge immediately
  res.status(200).send('OK');
  
  // Process asynchronously
  try {
    switch (event.event) {
      case 'conversation.started':
        await handleConversationStarted(event.data);
        break;
      case 'escalation':
        await handleEscalation(event.data);
        break;
      // ... handle other events
    }
  } catch (error) {
    console.error('Webhook processing error:', error);
  }
});

Retry Policy

If your endpoint fails, we retry:

AttemptDelay
1Immediate
25 minutes
330 minutes
42 hours
524 hours

After 5 failures, the webhook is disabled.

Testing Webhooks

Test Endpoint

Tools for testing webhooks:

Manual Test

  1. Go to Settings > Webhooks
  2. Find your webhook
  3. Click Send Test
  4. Check your endpoint

Test Payload

Test events include:

{
  "event": "test",
  "timestamp": "2024-01-15T10:00:00Z",
  "data": {
    "message": "This is a test webhook"
  }
}

Troubleshooting

Webhooks Not Receiving

  1. Check URL is publicly accessible
  2. Verify no firewall blocking
  3. Check webhook is enabled
  4. Review delivery logs

Signature Failures

  1. Verify secret matches
  2. Check payload isn't modified
  3. Ensure correct encoding

Timeouts

  1. Respond within 30 seconds
  2. Process heavy work async
  3. Optimize endpoint performance

Managing Webhooks

View Delivery History

  1. Go to Settings > Webhooks
  2. Click on a webhook
  3. View recent deliveries
  4. See success/failure status

Disable Webhook

  1. Find the webhook
  2. Toggle off or delete
  3. Deliveries stop immediately

Update Webhook

  1. Edit URL or events
  2. Save changes
  3. New settings apply to future events

API Reference

REST API endpoints for server-side integration

On this page

How Webhooks WorkSetting Up WebhooksVia DashboardVia APIAvailable EventsConversation EventsEscalation EventsWorkflow EventsAnalytics EventsWebhook PayloadHeadersConversation StartedConversation MessageConversation EndedEscalationWorkflow TriggeredSignature VerificationNode.jsPythonPHPHandling WebhooksBest PracticesExample HandlerRetry PolicyTesting WebhooksTest EndpointManual TestTest PayloadTroubleshootingWebhooks Not ReceivingSignature FailuresTimeoutsManaging WebhooksView Delivery HistoryDisable WebhookUpdate Webhook