Webhooks

Receive real-time notifications when users submit feedback.

Overview

When enabled, Backenrich sends an HTTP POST request to your endpoint every time a user submits feedback. Use webhooks to:

  • Send Slack/Discord notifications
  • Create tickets in your issue tracker
  • Sync feedback to your CRM
  • Trigger custom automation workflows

Setting Up Webhooks

  1. Go to Settings → Webhooks
  2. Enter your webhook endpoint URL (HTTPS required)
  3. Copy the signing secret for verification
  4. Click Send Test Webhook to verify your endpoint
  5. Enable the webhook

Note: Webhooks are organization-wide. All feedback from all your sites will be sent to the same endpoint.

Payload Format

When feedback is submitted, we send a POST request with this JSON payload:

feedback.created payload
{
  "event_type": "feedback.created",
  "feedback_id": "uuid",
  "site_id": "uuid",
  "site_name": "My Website",
  "text": "The feedback message",
  "category": "proposition",
  "screenshot_url": "https://...",
  "page_url": "https://example.com/page",
  "user_agent": "Mozilla/5.0...",
  "email": "[email protected]",
  "timestamp": "2024-01-15T10:30:00Z",
  "organization_id": "uuid"
}

Event Types

  • feedback.created — New feedback submitted
  • test — Test webhook (sent when you click "Send Test")

Categories

The category field will be one of: proposition, improve, or other

Screenshot URLs

Screenshot URLs are signed and valid for 15 minutes. Download or display them promptly.

Request Headers

Each webhook request includes these headers:

Content-Type: application/json
User-Agent: Backenrich/1.0
X-Backenrich-Event: feedback.created
X-Backenrich-Signature: sha256=abc123...

Verifying Signatures

Always verify the signature to ensure requests are from Backenrich. The signature is an HMAC-SHA256 hash of the request body using your secret.

Node.js example
import { createHmac, timingSafeEqual } from 'crypto';

function verifySignature(body, signature, secret) {
  const expected = 'sha256=' +
    createHmac('sha256', secret)
      .update(body)
      .digest('hex');

  return timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

// In your webhook handler:
const signature = req.headers['x-backenrich-signature'];
const isValid = verifySignature(rawBody, signature, secret);

if (!isValid) {
  return res.status(401).send('Invalid signature');
}

Security: Use timingSafeEqual to prevent timing attacks when comparing signatures.

Retries & Reliability

If your endpoint returns an error or times out, we automatically retry with exponential backoff:

  • Attempt 1: Immediate
  • Attempt 2: After 1 minute
  • Attempt 3: After 5 minutes
  • Attempt 4: After 30 minutes
  • Attempt 5: After 2 hours

After 5 failed attempts, the delivery is marked as failed. You can view failed deliveries and manually retry them from the dashboard.

Endpoint Requirements

HTTPS Required

Your endpoint must use HTTPS for security.

30-Second Timeout

Respond within 30 seconds or the request will timeout and be retried.

2xx Response

Return any 2xx status code to indicate success. Any other status triggers a retry.

Example Integrations