Intermediate
15 min
Setting Up Webhooks
Configure real-time notifications for events.
Prerequisites
- An API key with the required scopes
- An active PlanDocket account
1
Create a Webhook Endpoint
Create an endpoint on your server that can receive POST requests.
2
Register the Webhook
Register your webhook endpoint via the API.
curl -X POST "https://your-tenant.plandocket.com/api/v1/webhooks" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"url": "https://your-server.com/webhook",
"events": ["participant.added", "invoice.paid"]
}'
3
Validate the Signature
Validate the webhook signature to ensure authenticity.
<?php
$payload = file_get_contents('php://input');
$signature = $_SERVER['HTTP_X_WEBHOOK_SIGNATURE'] ?? '';
$timestamp = $_SERVER['HTTP_X_WEBHOOK_TIMESTAMP'] ?? '';
$secret = 'your_webhook_secret';
// Signature format: v1=<hmac>
if (!str_starts_with($signature, 'v1=')) {
http_response_code(401);
exit('Invalid signature format');
}
// Verify timestamp is recent (max 5 minutes)
if (!is_numeric($timestamp) || abs(time() - (int) $timestamp) > 300) {
http_response_code(401);
exit('Timestamp expired');
}
$signedPayload = $timestamp . '.' . $payload;
$expected = hash_hmac('sha256', $signedPayload, $secret);
if (!hash_equals($expected, substr($signature, 3))) {
http_response_code(401);
exit('Invalid signature');
}
$event = json_decode($payload, true);