Webhooks allow you to receive real-time HTTP notifications when specific events occur in your Libredesk instance. This enables you to integrate Libredesk with external systems and automate workflows based on conversation and message events.

Overview

When a configured event occurs in Libredesk, an HTTP POST request is sent to the webhook URL you specify. The request contains a JSON payload with event details and relevant data.

Configuration

1. Navigate to webhooks

Go to Admin → Integrations → Webhooks in your Libredesk dashboard.

2. Create webhook

Click Create Webhook and configure:
  • Name: A descriptive name for your webhook
  • URL: The endpoint URL where webhook payloads will be sent
  • Events: Select which events you want to subscribe to
  • Secret: Optional secret key for signature verification
  • Status: Enable or disable the webhook

3. Test webhook

Use the test button to send a sample payload to verify your endpoint is working.

Security

Signature Verification

If you provide a secret key, webhook payloads will be signed using HMAC-SHA256. The signature is included in the X-Signature-256 header in the format sha256=<signature>.
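import hmac
import hashlib

def verify_signature(payload, signature, secret):
    # payload must be the raw request body as bytes, exactly as received
    if not signature:
        return False  # header missing: treat the request as unverified
    expected_signature = hmac.new(
        secret.encode('utf-8'),
        payload,
        hashlib.sha256
    ).hexdigest()
    # Constant-time comparison; comparing bytes avoids a TypeError
    # when the header value contains non-ASCII characters
    return hmac.compare_digest(
        f"sha256={expected_signature}".encode('utf-8'),
        signature.encode('utf-8')
    )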

Headers

Each webhook request includes the following headers:
| Header | Description |
|---|---|
| Content-Type | Always application/json |
| User-Agent | Libredesk-Webhook/<version> |
| X-Signature-256 | HMAC signature (if secret is configured) |

Available Events

Conversation Events

Message Events

Delivery and Retries

Webhook Delivery Behavior:
  • The webhook request timeout can be configured in the config.toml file
  • Failed deliveries are not automatically retried
  • Webhook delivery runs in a background worker pool for better performance
  • If the webhook queue is full (configurable in config.toml), new events may be dropped

Testing Webhooks

You can test your webhook configuration using these tools:

Best Practices

Do:
  • Always verify webhook signatures in production
  • Respond quickly (< 5 seconds) to webhook requests
  • Process webhooks asynchronously in your application
  • Implement idempotency to handle duplicate events
  • Log all webhook events for debugging
Don’t:
  • Perform long-running operations in your webhook handler
  • Expose sensitive data in webhook URLs
  • Rely solely on webhooks for critical data (implement polling as backup)
  • Ignore webhook failures without logging
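
The sketch below is an added example, not Libredesk's own code. It combines two of the practices above in a framework-free handler: the signature is checked over the raw body bytes in the sha256=<hex> format, and exact repeats of an accepted body are ignored. The secret, the TTL, the cache size and the use of a body digest as the idempotency key are assumptions, since this page does not show the payload schema.

```python
import hashlib
import hmac
import json
import time
from collections import OrderedDict

SECRET = b"constructed-test-secret"  # assumption: secret configured on the webhook
DEDUPE_TTL = 600                     # assumption: seconds to remember a delivery
MAX_SEEN = 10_000                    # bound on dedupe cache size
seen = OrderedDict()                 # body digest -> time first accepted


def sign(raw_body, secret=SECRET):
    """Build the X-Signature-256 value in the sha256=<hex> format."""
    return "sha256=" + hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def handle(raw_body, headers, now=None):
    """Return (status, reason) for one delivery; queue real work elsewhere."""
    now = time.time() if now is None else now
    # Header names are case-insensitive on the wire, so normalise them.
    sig = {k.lower(): v for k, v in headers.items()}.get("x-signature-256", "")
    # Verify over the raw bytes received, never over re-serialised JSON.
    if not hmac.compare_digest(sign(raw_body).encode(), sig.encode()):
        return 401, "invalid signature"
    # Evict expired or excess entries (oldest first).
    while seen and (len(seen) >= MAX_SEEN
                    or now - next(iter(seen.values())) > DEDUPE_TTL):
        seen.popitem(last=False)
    key = hashlib.sha256(raw_body).hexdigest()
    if key in seen:
        return 200, "duplicate ignored"
    try:
        event = json.loads(raw_body)
    except ValueError:
        return 400, "malformed JSON"
    if not isinstance(event, dict):
        return 400, "malformed JSON"
    seen[key] = now
    return 200, "accepted " + str(event.get("event", "unknown"))


if __name__ == "__main__":
    body = b'{"event": "conversation.created"}'  # constructed sample payload
    hdrs = {"X-Signature-256": sign(body)}
    print(handle(body, hdrs))         # first delivery
    print(handle(body, hdrs))         # exact repeat
    print(handle(body + b" ", hdrs))  # body altered after signing
```

The cache here lives in one process's memory; a deployment with several workers would need a shared store for the same check.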

Example Integration

Here’s a simple Express.js server that receives and processes Libredesk webhooks:
const express = require('express');
const crypto = require('crypto');
const app = express();

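// Middleware to capture raw body for signature verification
app.use(express.raw({ type: 'application/json' }));

// Compute HMAC-SHA256 over the raw body and compare in constant time
function verifySignature(payload, signature, secret) {
    // Reject a missing header or a body that was not captured as raw bytes
    if (typeof signature !== 'string' || !Buffer.isBuffer(payload)) return false;
    const expected = 'sha256=' +
        crypto.createHmac('sha256', secret).update(payload).digest('hex');
    const a = Buffer.from(expected);
    const b = Buffer.from(signature);
    // timingSafeEqual throws on a length mismatch, so check length first
    return a.length === b.length && crypto.timingSafeEqual(a, b);
}

app.post('/webhook', (req, res) => {
    const signature = req.headers['x-signature-256'];
    const secret = process.env.WEBHOOK_SECRET;

    // Verify signature
    if (secret && !verifySignature(req.body, signature, secret)) {
        return res.status(401).send('Invalid signature');
    }

    // Parse only after verification; reject bodies that are not valid JSON
    let event;
    try {
        event = JSON.parse(req.body);
    } catch (err) {
        return res.status(400).send('Invalid JSON');
    }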
    
    // Process event asynchronously
    setImmediate(() => {
        processWebhookEvent(event);
    });
    
    // Respond immediately
    res.status(200).send('OK');
});

function processWebhookEvent(event) {
    console.log(`Received event: ${event.event}`);
    
    switch(event.event) {
        case 'conversation.created':
            // Handle new conversation
            break;
        case 'message.created':
            // Handle new message
            break;
        // Add more cases as needed
    }
}

app.listen(3000, () => {
    console.log('Webhook server listening on port 3000');
});