POST to it whenever
something happens — a message arrives, an invoice is paid, an appointment is booked.
Setting one up
1
Add a webhook integration
Go to Salesbot → Integrations → Webhooks and add your endpoint URL. It must be
publicly reachable over HTTPS.
2
Choose events
Subscribe to the topics you care about, then select Connect. Subscribe narrowly:
every event you accept and discard is a request your server paid for.
3
Copy the signing secret
DMLY generates a signing secret for you — you don’t supply one. Once connected, the
Signing secret panel appears: select Reveal, then Copy. Every delivery to
your own endpoint is signed, so verify it — see Verifying.
4
Send a test
Use the test ping to confirm your endpoint is reachable and your signature check works
before relying on it.
The payload
Every delivery has the same envelope. Onlydata varies by topic:
"test": true so you can ignore them in production logic.
Headers
Verifying a delivery
The signature is an HMAC-SHA256 of the raw request body, keyed by your secret. Compute it over the bytes exactly as received — parsing and re-serialising the JSON first will change the bytes and the signature will never match.Zapier hook URLs are not signed. Their URLs are unguessable capability URLs, so they carry
no
X-Salesbot-Signature header. Signing applies to your own webhook endpoints.Responding
Return any2xx to acknowledge. DMLY allows 8 seconds before it treats the delivery as
failed, so acknowledge immediately and do the real work asynchronously — do not process the
event inline and then respond.
Failed deliveries are retried twice more, after roughly 10s then 60s — three
attempts in total. After that the delivery is logged as failed and dropped.

