Configure webhooks in Ziflow

Dina Bennett
Dina Bennett
  • Updated

Webhooks let your Ziflow account automatically send information to other applications in real time. They provide a simple way for Ziflow to “talk” to external systems and notify them whenever specific events occur, such as when a proof is created, a comment is added, or a decision is made.

Available to administrators on: Free Standard Pro Enterprise

 

Log into Ziflow. Select your user avatar and choose Settings > API Settings > Webhooks.

 

webhooks-open.png

 

Add a webhook endpoint

  1. Select Add endpoint.
  2. Fill in the webhook details:

    add-endpoint-page.png

    Webhook name A descriptive name (e.g., Slack integration or Custom reporting).
    Webhook URL The third-party endpoint URL where Ziflow should send data.

    Webhook signature key

    (optional but recommended)

    Add a key to verify webhook authenticity. Ziflow uses this key to calculate a SHA-256 signature included in the x-ziflow-signature header of each event.

    You can use a Ziflow-generated key or provide your own (up to 255 alphanumeric characters, with “-” and “\”).
    Filter event Choose which events to send. You can send all events or choose Send some events and select the events from a list.
  3. Select Add endpoint.
  4. Change the endpoint status to Active. New endpoints are disabled by default until activated.

 

Verify webhook signatures

To confirm that events are coming from Ziflow and not a third party, you can validate webhook signatures. The SHA-256 signature is generated using:

  • webhook_signature_key
  • HTTP method
  • Webhook URI (URL-encoded if query parameters are included)
  • Raw request body

Example raw string used in SHA-256 calculation

key: 1-app-key-34/8652
method: POST
webhook URI: https://some.endpoint.com?param=value/something
encoded webhook URI: https://some.endpoint.com?param=value%2Fsomething


Concatenated string

1-app-key-34/8652POSThttps://some.endpoint.com?param=value%2Fsomething{"events":[{...}]}

This string is then hashed with SHA-256 using the signature key.

Note: Always use the raw request body when calculating the hash.

 

Edit or manage webhooks

  • Select a webhook to open edit mode and update its configuration.
  • Deactivate a webhook to temporarily stop event delivery.
  • Delete a webhook if it’s no longer needed.

Additional information

  • If your webhook URL contains query parameters, ensure that values are URL-encoded before calculating the signature.
  • For full event schema details and subscription management via API, see the Ziflow API documentation.

 

Related articles

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.