Webhook

The Webhook integration lets agents push notifications to an arbitrary URL — Zapier, Make.com, n8n, your own service. One per user.

Setup

Dashboard: Settings → Integrations → Webhook → “Configure”. Enter:

• URL — where to POST.
• Secret (optional) — used to HMAC-sign the payload. Recipients can verify.

API:

POST /v1/integrations
{ "type": "webhook", "config": { "url": "https://hooks.zapier.com/…", "secret": "optional-hmac" } }

Payload

{
  "channel": "webhook",
  "urgency": "normal",
  "message": "Statement due in 5 days. $267 minimum.",
  "source": "agent",        // or "platform"
  "sent_at": "2026-05-24T01:23:45Z",
  "task_id": "task_…",      // when applicable
  "playbook_id": "pb_…"     // when applicable
}

The HMAC signature is in the X-Vonzio-Signature header:

X-Vonzio-Signature: t=1700000000,v1=<hex-sha256-hmac>

v1 is HMAC-SHA256(secret, "<t>.<raw-body>") — same shape as Stripe’s webhook signatures. To verify, recompute and compare with timing-safe equality.

Use cases

• Push to Zapier → trigger 100 different downstream actions (calendar event, Notion page, Slack DM in a different workspace).
• Push to your own service → augment with custom logic.
• Plug into IFTTT / Make.com / n8n.

Retries

The platform retries 5xx / network failures with exponential backoff: 5s, 15s, 45s. After 3 failures the notification is dropped and logged with status=failed in notification_log. No further retries beyond that — webhook receivers should aim for ≤2 minutes of downtime.

Inbound webhooks (separate feature)

This integration is outbound only. For inbound (your service calls Vonzio to trigger a playbook), see Playbooks → webhook trigger. That’s a different surface — POST to a per-playbook URL containing a secret.

Caution

The webhook URL is bearer-style — anyone with the URL can be POSTed to. Use the HMAC secret to verify the sender. Without it, your receiver can’t tell whether a request came from Vonzio or a third party.