Webhook Configuration
Registering a Webhook
To your bot building platform with Zobot via Webhook, follow the steps:
- In Zoho SalesIQ, navigate to Settings > Bot, and click Zobot.
- Inside the bot builder, give your bot a Name.
- Then, you need to choose the platform to structure, configure, and train your assistant. You have three categories to choose from SalesIQ Platforms (Codeless bot builder, SalesIQ Scripts, Zia Skills) or Third-party platforms (Dialogflow, Watson Assistant, Azure Bot Service, and Webhook), or Vendor platforms (JioHaptik). Choose Webhooks and click Next.
- Then, configure your bot's profile and configuration, and finally click Next. You will be redirected to the Webhook configuration window.
- The Webhooks configuration window appears.
- Provide the URL to be invoked to create a connection.
Webhook Pre-requisites
- The "https" URL is recommended for security reasons.
- Our server can not connect with the URL with the port number.
- Make sure the URL can be accessed in public API clients such as Postman and Talend API Tester to be accessible in our server.
- Once the URL is provided, it will be pinged to get validated with the read time out of 5 seconds.
- If it is not reached within 5 seconds, an HTTP HEAD request gets triggered to the URL to check the status code 200.
- Ensure the webhook returns the response within 10 seconds. If not, the bot will not work.
- You can enable the Secure your webhook option to verify the data with a key pair validation. That is, if this option is enabled then while executing the Webhook we will create a signature for the payload data with the private key. The signature will be sent to the webhook server in the header name "x-siqsignature". The Webhook server should get the signature from the 'x-siqsignature' header, and verify it with the payload data received in their end and the public key using the same RSA Cryptosystem. If the verification fails, they can ensure that the data is tampered or not sent from SalesIQ.
- SalesIQ signs every webhook event passed on to the endpoint URL using RSA Cryptosystem. The generated Public key can be copied and saved in the endpoint server, which can later be used to check the authenticity of the data received with the signature attached. We will generate a public and a private key pair.
- Public Key: We display the public key in the UI, and the private key is hidden. The webhook server will store the public key. The public and the private keys are used for the security and verification purposes. This process ensures two layer security, they are:
- To ensure that the data is sent from the SalesIQ Server
- The data sent is not tampered.
- Maximum of two public keys are allowed for a Webhook. If only one public key is available, the delete option will not appear. The Oldest key will be used during execution, the key used will be indicated by the [In use] label.
- The Payload sent to the Webhook service will follow the same structure used in the SalesIQ Scripts. The Webhooks service should return the response in the SalesIQ message object format.
Webhook failure alerts
When the webhook continuously fails under the below instances, SalesIQ will send an email alert to both the bot creator/modifier and the portal owner.
- No emails will be triggered for the first failure.
- The first warning email will be sent after the second failure, with no success within the past hour.
- The second warning/alert will be sent following the third failure, with no success within an hour of the first warning email.
- Upon the fourth failure, with no success within an hour since the second warning email, the bot will be disabled, and a third warning/alert email will be sent.
410 Error: If the webhook returns a 410 error at any time, the webhook will be instantly deactivated and a warning/alert email will be sent.