Webhooks — Secure Real-Time Events & AI Chat Ingestion

Stream events from your tools and AI conversations into IntegrateWise in real time.

What Webhooks do in IntegrateWise

Webhooks let IntegrateWise ingest events in real time from:

  • your tools (Slack, CRMs, internal systems)
  • your AI chat sources (ChatGPT, Claude, Gemini, etc.)
  • custom systems (product usage, billing events, telemetry)

This powers:

  • Brainstorming → Second Brain ingestion
  • real-time workflows
  • agent triggers
  • insights updates
  • Render updates

Webhook Endpoint

Base Endpoint

POST https://api.integratewise.com/webhooks/v1/{workspace_id}/{source}

Example:

POST https://api.integratewise.com/webhooks/v1/ws_123/chatgpt

Webhook Security (Required)

All webhook payloads must be:

  • signed
  • timestamped
  • idempotent

Signature (HMAC)

We recommend:

  • X-IW-Signature header = HMAC-SHA256 of payload using your workspace secret
  • X-IW-Timestamp header = UNIX timestamp

Example headers

X-IW-Signature: sha256=...
X-IW-Timestamp: 1735717342
X-IW-Idempotency-Key: <unique_key>

Replay Protection

Requests must be within a timestamp tolerance window:

default: 5 minutes

If outside tolerance:

request is rejected: 401 invalid_timestamp

Idempotency (No duplicate events)

Each webhook event must include:

X-IW-Idempotency-Key

IntegrateWise stores idempotency keys for a TTL window (default 7 days). Duplicate keys return the original response.

Payload Schema (Generic)

{
  "event_id": "evt_123",
  "source": "chatgpt",
  "type": "conversation.message",
  "workspace_id": "ws_123",
  "timestamp": "2025-12-31T12:34:56Z",
  "actor": {
    "id": "user_123",
    "email": "user@example.com"
  },
  "data": {
    "message_id": "msg_456",
    "thread_id": "th_789",
    "content": "Brainstorming text here...",
    "metadata": {
      "model": "gpt-5",
      "tags": ["idea", "plan"]
    }
  }
}

AI Brainstorming Payload (Recommended)

Use this for AI chat ingestion:

{
  "event_id": "evt_123",
  "source": "chatgpt",
  "type": "brain.ingest",
  "workspace_id": "ws_123",
  "timestamp": "2025-12-31T12:34:56Z",
  "data": {
    "session_id": "session_001",
    "conversation_title": "Pricing page brainstorm",
    "messages": [
      {"role":"user","content":"Help me write pricing copy"},
      {"role":"assistant","content":"Here are tiers..."}
    ],
    "labels": ["brainstorming", "marketing"],
    "links": ["https://..."],
    "attachments": []
  }
}

Responses

Success

200 OK
{"status":"accepted","event_id":"evt_123"}

Duplicate (idempotent)

200 OK
{"status":"duplicate","event_id":"evt_123"}

Invalid signature

401 Unauthorized
{"error":"invalid_signature"}

Best Practices

  • Always include event_id and idempotency_key
  • Keep payloads small; stream large content via references
  • Avoid sending PII unless required
  • Use Render Only mode if compliance-first

Testing Your Webhook

We provide a test endpoint:

POST /webhooks/v1/test

And a webhook log viewer:

Settings → Webhooks → Logs

Back to QuickstartDocumentation Home