Webhook Management
Set up webhook endpoints to integrate ISPBills with external systems
Webhooks allow ISPBills to send real-time event data to external applications, enabling seamless integration with CRMs, accounting tools, and custom systems.
Webhooks use HTTP POST requests to deliver event payloads to your configured endpoint URLs whenever specific actions occur in ISPBills.
Overview
With webhooks you can:
- Notify external systems when events occur in ISPBills
- Integrate with third-party CRMs, billing platforms, or custom dashboards
- Automate workflows triggered by customer actions, payments, or system events
What Are Webhooks
A webhook is an automated HTTP callback. When a configured event happens in ISPBills, the system sends a JSON payload to the URL you specify. Your external application receives this data and can act on it — for example, updating a CRM record when a new customer is created, or logging a payment in an accounting system.
Creating Webhook Endpoints
To create a new webhook endpoint:
- Navigate to the webhook management section
- Add a new endpoint by providing:
| Parameter | Description |
|---|---|
| Endpoint URL | The HTTPS URL that will receive webhook payloads |
| Events | Select which events should trigger this webhook |
| Status | Enable or disable the webhook endpoint |
| Secret Key | A shared secret used for verifying payload signatures |
- Save the endpoint configuration
Always use HTTPS URLs for webhook endpoints. HTTP endpoints may expose sensitive data in transit.
Available Events
ISPBills can trigger webhooks for a variety of system events. Common examples include:
| Event Category | Examples |
|---|---|
| Customer | Customer created, updated, deleted |
| Invoice | Invoice generated, paid, overdue |
| Payment | Payment received, refunded, failed |
| Connection | Service activated, suspended, terminated |
| Package | Package assigned, changed, expired |
Each event payload includes relevant data such as customer details, amounts, timestamps, and resource identifiers.
Testing Webhooks
Before relying on webhooks in production:
- Use a request inspection tool (e.g., webhook.site or requestbin) as a temporary endpoint
- Trigger the relevant event in ISPBills
- Inspect the received payload to verify the structure and data
- Replace the test URL with your actual application endpoint
Check the webhook delivery logs in ISPBills to see response codes returned by your endpoint. A 2xx response indicates successful delivery.
Security (Signature Verification)
Each webhook request includes a signature header generated using your secret key. To verify authenticity:
- Extract the signature from the request header
- Compute an HMAC hash of the raw request body using your secret key
- Compare the computed hash with the received signature
- Reject requests where the signatures do not match
Never expose your webhook secret key. If compromised, rotate the key immediately from the webhook settings and update your receiving application.
| Security Best Practice | Description |
|---|---|
| Verify signatures | Always validate the HMAC signature on incoming requests |
| Use HTTPS | Encrypt data in transit to prevent interception |
| Respond quickly | Return a 2xx status within a few seconds to avoid timeouts |
| Handle retries | ISPBills may retry failed deliveries — ensure your endpoint is idempotent |