Webhooks

Configuração

POST /api/v1/webhooks
{
  "name": "Meu CRM",
  "url": "https://meucrm.com/webhook",
  "secret": "meu-segredo-hmac",
  "events": ["contact.created", "message.received", "flow.completed"]
}

Verificação de autenticidade

Cada webhook enviado inclui o header X-Funil-Signature:

const signature = crypto
  .createHmac('sha256', webhookSecret)
  .update(JSON.stringify(payload))
  .digest('hex')

// Verificar no seu servidor:
const expected = `sha256=${signature}`
const received = req.headers['x-funil-signature']
const valid = crypto.timingSafeEqual(
  Buffer.from(expected),
  Buffer.from(received)
)

Eventos disponíveis

message.received          message.sent
message.delivered         message.read          message.failed
contact.created           contact.updated       contact.deleted
contact.tag_added         contact.tag_removed   contact.field_changed
conversation.opened       conversation.assigned  conversation.resolved
flow.started              flow.completed        flow.abandoned
ai_session.started        ai_session.resolved   ai_session.escalated
broadcast.completed
channel.connected         channel.disconnected

Retry

Falha → retry em 30s, 5min, 30min, 2h, 24h. Após 5 falhas, webhook desativado e admin notificado.