LeadCeleris
LeadCeleris developer platform

Webhook events and signature verification

Subscribe to LeadCeleris events and verify every delivery before processing it.

Reading time

8 min

Sections

3 implementation topics
01

Available event types

Webhook endpoints can subscribe to message.received, message.sent, contact.created, contact.updated, escalation.created, and escalation.resolved.

Each delivery includes X-LeadCeleris-Event, X-LeadCeleris-Delivery-Id, and X-LeadCeleris-Signature headers.

02

Verify the signature

Read the raw request body before JSON parsing. The signature header uses t=<unix timestamp>,v1=<hex digest>. Compute HMAC-SHA256 over timestamp + '.' + rawBody with the webhook signing secret and compare the digest in constant time.

Reject invalid signatures and timestamps outside your accepted replay window before running any business logic.

03

Handle deliveries safely

Return a successful HTTP response quickly, then process the event asynchronously. Use the delivery ID for idempotency so retries cannot create duplicate actions.

  • Log the event type and delivery ID, not secrets
  • Make handlers safe to run more than once
  • Test endpoint behavior from the Developers page before enabling production workflows