Webhooks are a convenient way to integrate your QReserve workflows with external systems by sending HTTP requests to an endpoint in response to events in QReserve. You can send a GET request without a body or a POST or PUT request with a body.

Authentication

Support for Basic Auth is built in if you have a username or password to provide. You are also able to set a list of HTTP headers to include your task such as Authorization to provide alternative means of authenticating with your server. Password fields and Authorization headers are typically redacted from logs; however, you should be cautious with the use of credentials as they could show in some workflow logs or error reports.

Dynamic Data via Scripts

For dynamic webhooks, a Script task can be used to inject content that is a function of your workflow such as a reservation or user. Please refer to the help text provided in the Input Script Task ID field for information about the fields you can set via a script. If a script includes a dictionary as the POST contents then your request will automatically be sent as JSON.

Verification

Each webhook request also contains a QReserve-Signature header that can be used by the receiving party to verify the authenticity of the webhook by calculating an HMAC signature as a function of a secret key, a timestamp, url and HTTP body contents.