Webhooks are essential part of our API. In opposite to the REST API, that returns data upon a request, webhooks deliver data to you proactively whenever something happens in your project. Currently the webhooks can be triggered by anomalies in your data.


1. Set webhook URL on anomalies

Webhooks you can set in the Smartlook application. Below is screen how to set webhooks.

28562856 460460

Optionally you can set secret.

2. Set API on the server side

Webhooks are sent as a JSON in a POST HTTP request to the endpoint you specified in the first step.

Example of webhook body:

    "template": "Absolute threshold",
    "anomalyEventName": "Errors",
    "params": {
        "projectName": "Smartlook Project",
        "projectId": "1588faqebe0e421503103a97a",
        "organizationId": "c314a9fa49ea858dfa4ebe0e",
        "projectTimeZoneId": "Europe/Prague",
        "eventId": "event_error",
        "funnelId": null,
        "direction": "up",
        "threshold": 1,
        "alertType": "eventThresholdAbsolute",
        "anomaly": {
            "date": "2021-01-01T21:59:59.999Z",
            "eventsCount": 13,
            "eventsCountDifference": 12


When your secret token is set, Smartlook uses it to create a hash signature that we attach to each payload in the header Smartlook-Signature-256.

Hash verification

The Hash-based message authentication codes (HMAC) uses SHA256 hashing function and is digested as a HEX string. Internally the function may looks like following:

const crypto = require('crypto')

const secret = SECRET_TOKEN
const message = request.body

const signature = crypto
        .createHmac('sha256', secret)