# Webhooks

A webhook is simply a user-defined callback in the form of an HTTP POST which is invoked when something happens.
So for example whenever a new booking is created in Makeplans we can send a POST request to the URL you specify. The response will include data about the modified object.

## Payload

<table>
  <tr><th>Name</th><th>Type</th><th>Description</th></tr>
  <tr><td>event</td><td>String</td><td>Type of event</td></tr>
  <tr><td>idempotency_id</td><td>String</td><td>Unique id for this webhook</td></tr>
  <tr><td>generated_at</td><td>String</td><td>When the event was initialized</td></tr>
  <tr><td>performed_by</td><td>Object</td><td>Info of the user who performed the event</td></tr>
  <tr><td>data</td><td>Object</td><td>Related object for event type</td></tr>
</table>

## Data payload

<table>
  <tr><th>Name</th><th>Type</th><th>Description</th></tr>
  <tr><td>object</td><td>String</td><td>Type of object</td></tr>
  <tr><td>id</td><td>Integer</td><td>Id of the object</td></tr>
  <tr><td>*object_type*</td><td>Object</td><td>Payload of the object</td></tr>
</table>

### Deprecated attributes

The attributes in the data payload, 'object', 'id', and '*object_type*', are also included in the root payload due to legacy reasons. Please use the `data` attribute. The legacy attributes will be removed in the future.

## Supported events

* booking.cancelled
* booking.confirmed
* booking.created
* booking.declined
* booking.deleted
* booking.modified
* booking.verified
* event.created
* event.deleted
* event.modified
* message.processed
* person.created
* person.deleted
* person.modified

## Wildcard usage

You can use wildcard to trigger all or grouped events: `*` or `booking.*`

## Security

### Verify payload signature

We include a `X-MakePlans-Signature` header in the webhook request. Use this to verify the request body to ensure the request is from Makeplans and signed with your account secret. The header includes details about the signature and the signature itself. We use HMAC SHA-256 to compute this signature.

Example: `X-MakePlans-Signature: sha256=5257a869e7ecebeda32affa62cdca3fa51cad7e77a0e56ff536d0ce8e108d8bd`.

### Authentication

You can add HTTP Basic Auth credentials or a parameter secret to the webhook URL.

## Retries

We will retry after any 4xx or 5xx HTTP status response. Note that 4xx responses are also retried as they may be caused by temporary issues on the receiving end. Maximum retries are 5. The timeout is set to 10 seconds.