slashpageSlashpage APIWebhooks

Webhooks

Overview

Webhooks allows external services to receive real-time notifications when specific events occur within a domain of Slashpage.

Setup

On slashpage, navigate to Site Settings > Integrations > Outgoing webhooks .

Click Create New button to create new webhook. Then enter the webhook name and endpoint(Webhook URL). And you can check as many different types of event as you want. To activate the webhook, you must complete the verification steps.

Webhook URL Verification

After creating a webhook, enter the Webhook URL and click the Verify button to initiate the verification process. Slashpage will then send a verification code using HTTP POST request to the endpoint URL.

Verification body example:

{
   "verificationCode": "swvc_******"
}

If you successfully received the verification code, enter the code you received in the dialog.

Be sure to store this verification code securely before entering it. This code is used to validate the payload and cannot be viewed again.

Once URL verification is complete, the webhook is immediately activated.

Payload Validation

All webhook event deliveries include an X-Slashpage-Signature header for payload validation:

X-Slashpage-Signature: hmac-sha256=<computed_signature>

The code below is an example in nodejs of verifying whether the payload is valid using the verificationCode. The signature is computed using HMAC-SHA256 with the webhook's verification code.

const crypto = require('crypto');

function checkPayloadIsValid(payload, signature, verificationCode) {
    const computedSignature = crypto
        .createHmac('sha256', verificationCode)
        .update(JSON.stringify(payload))
        .digest('hex');
    
    return `hmac-sha256=${computedSignature}` === signature;
}

This allows you to validate that the payload was sent by Slashpage and hasn’t been modified in transit.

Payload validation is not required but highly recommended.

Supported Event Types

The webhook system supports the following event types:

Post Events

  • post.created - New post created

  • post.updated - Post updated

  • post.deleted - Post deleted

  • post.fields_updated - Fields in post updated

Comment Events

  • comment.created - New comment created

  • comment.updated - Comment updated

  • comment.deleted - Comment deleted

Reaction Events

  • reaction.created - Reaction added

  • reaction.deleted - Reaction removed

Form Events

  • form.submitted - Form submitted

User Events

  • subscriber.subscribed - User subscribed

  • subscriber.unsubscribed - User unsubscribed

  • member.joined - Member joined

  • member.left - Member left

Payload Structure

All webhook payloads follow this base structure:

{
    "eventName": "event.type",
    "domainId": "domain_id",
    "domainName": "domain_name",
    "webhookName": "webhook_name",
    "triggerdAt": "2025-01-01T00:00:00.000Z", // iso date
    "triggerdBy": {
        "id": "user_id who trigger the webhook",
        "nickname": "user_name"
    },
    "data": {
        // Event-specific data
        "model": "model_name",
        "id": "model_id",
        ...
    }
}