Web developers typically use webhooks to invoke behavior in another system. For example, you can use webhooks to:
You must be an admin or an agent in a custom role with permission to create webhooks. Trial accounts are limited to a maximum of 10 webhooks and a rate limit of 60 invocations per minute.
About webhooks
There are two ways to connect a webhook to activity in Zendesk Support:
- Subscribe the webhook to one or more Zendesk events. Use this connection method to send requests based on organization, user, agent availability, help center, community, ticket, or messaging activity. For a list of supported event types, see Webhook event types in the API reference.
- Connect the webhook to a trigger or automation. Use this connection method to send requests based on ticket activity.
A webhook that's subscribed to a Zendesk event can't connect to a trigger or automation. Similarly, a webhook that's connected to a trigger or automation can't subscribe to Zendesk events. You can't change an existing webhook's connection method.
Subscribing to Zendesk events
A webhook that's subscribed to one or more Zendesk events always sends requests using the POST HTTP method. The request includes a JSON payload that contains the event's data. You can't change the HTTP method or the payload for the request. For more information about event payload schemas, see Webhook event types in the API reference.
Connecting to triggers or automations
-
JSON
-
XML
-
Form-encoded content
You define the request's content when you connect the webhook to a trigger or automation. For webhooks that use the POST, PUT, or PATCH HTTP method with a JSON or XML request format, the content is the request payload. Webhooks using other HTTP methods or formats don't include a request payload. Instead, you can add custom URL parameters as an array of two key-value strings. When defining the request payload or URL parameters, you can use any of the available content placeholders to insert ticket data into the request.
The webhook's request payload or URL parameters must be less than 256 KB.
Webhook ordering and retries
When an event, trigger, or automation invokes a webhook, it queues the webhook job to be run but doesn't actually run the job immediately. Because webhook jobs are run independently, there is no guarantee that webhooks are executed in a particular order.
Webhook requests are automatically retried up to three times if the endpoint returns certain HTTP response codes. Unlike targets, consecutive failed requests won't deactivate webhooks. For more information and examples of retry scenarios, see Monitoring webhooks in our developer documentation.
Creating a webhook
You can create a webhook in Admin Center.
To create a webhook
- In Admin Center, click
Apps and integrations in the sidebar, then select Actions and webhooks > Webhooks. - Click Create webhook.
- To subscribe the webhook to one or more Zendesk events, select Zendesk events and select one or more event types from the dropdown.
- To connect the webhook to a trigger or automation, select Trigger or Automation.
- Click Next.
- Enter a Name and Description for the webhook.
- Enter the Endpoint URL that is used to integrate with the third-party service or system. See Webhook endpoints.
When setting up a webhook to integrate with a third party, you may need to consult the third party's documentation.
- Select the webhook's Request method and Request format.
- Select the Authentication method for the webhook and provide any additional information required. See Authenticating your webhook.
- (Optional) Click Add header to add a custom header, and then enter a Header name and Value. To add up to four more headers, click Add another header. See Custom webhook headers.
Note: Don't put sensitive information in your custom headers.
- (Optional) Click Test webhook to ensure it's working as expected.
- Click Create webhook to create the webhook.
- For trigger and automation webhooks, you must connect the webhook to a trigger or automation. See Connect the webhook to a Support trigger or automation. After connecting the trigger or automation, return to the Create webhook page and click Finish setup.
After you've created the webhook, you can view its details, subscriptions, and activity from the Webhooks page in Admin Center. See Managing webhooks.
Webhook endpoints
Webhooks send requests to the endpoint URL that you specify when creating them. The endpoint URL uses the following format: https://www.yourdomain.com/path.
Although it isn't required, the use of secure HTTP (HTTPS) is recommended. By providing a secure endpoint URL, you can enable authentication and pass data safely.
Custom webhook headers
Custom headers provide a way to include additional information in the request your webhook sends and can make it easier to connect to some third-party services that have unique webhook header requirements. Note the following requirements and limitations for custom headers:
- To use custom headers, you must use a secure (HTTPS) endpoint URL.
- Don't include authentication credentials or other sensitive information in custom headers. Instead, use the supported authentication methods.
- Header names must be unique and can't have more than 128 characters. All alphanumeric US ASCII characters are supported, as well as the following symbols:
!,#,$,%,&,',*,+,-,.,^,_,`,|, and~. - Header values can be up to 1,000 characters in length and support all US ASCII characters from 0x20 to 0x7E.
- The following headers aren't supported:
- accept-charset
- accept-encoding
- connection
- content-encoding
- content-length
- content-md5
- content-type
- date
- expect
- forwarded
- host
- keep-alive
- max-forwards
- origin
- proxy-authenticate
- referer
- server
- te
- trailer
- transfer-encoding
- upgrade
- user-agent
- via
- www-authenticate
- zendesk-api-version
- zendesk-ep
- Additionally, headers can't start with the following prefixes:
- access-control
- x-amzn
- x-apigw
- x-datadog
- x-envoy
- x-forwarded
- x-zendesk
Authenticating a webhook
If your webhook is integrating with a secure endpoint, you have three options for authenticating the webhook and the data it sends. You may want to reference third-party documentation about your endpoint's authentication requirements or work with a developer on your team to determine the correct authentication method for your webhook.
- None required: No authentication is configured or required.
- API key: Use an API key to authenticate the webhook.
- Basic authentication: Use a username and password to authenticate the webhook.
- Bearer token: Use an OAuth access token to authenticate the webhook.
If your developers want more information about webhook authentication, see Webhook security and authentication.
For additional security, you can also verify the webhook's signature. For more informaiton, see Verifying webhook authenticity.
Connect a webhook to a trigger or automation
To invoke a trigger and automation webhook, you must first connect it to a trigger or automation. The triggers and automations specify the circumstances under which the webhook should be invoked.
To connect a webhook to a Support trigger
- In Admin Center, click
Objects and rules in the sidebar, then select Business rules > Triggers. -
Create a new trigger or edit an existing one by hovering your mouse pointer over the options icon (
) and clicking Edit. - Under Actions, click Add action. Select Notify webhook and then select your webhook.
- Enter the webhook's request payload or URL parameters, depending on the webhook's request format. The payload or parameters must be less than 256 KB.
- Click Save.
- In Admin Center, click Objects and rules in the sidebar, then select Business rules > Automations.
-
Create a new automation or edit an existing one by hovering your mouse pointer over the options icon () and clicking Edit.
- Under Perform these actions, click the add action icon (
). Select Notifications: Notify webhook and then select your webhook. - Enter the webhook's request payload or URL parameters, depending on the webhook's request format. The payload or parameters must be less than 256 KB.
- Click Submit.
Testing a webhook
In Admin Center, you have the option to test the webhook with different event sources as well as requests. In addition to accessing existing webhooks specifically for testing, you can also test the webhook during creation or editing.
To test a webhook
- In Admin Center, click Apps and integrations in the sidebar, then select Actions and webhooks > Webhooks.
- Find the webhook in the list, click the options menu icon () on the webhook's row, and then click Test webhook.
- In the Test webhook panel, select an event to test. This is a sample request that you can use to test your endpoint URL.
- Enter the details of your test request—request body, parameters, or headers.
- Click Send test. The response is visible in the panel below your test request.
81 comments
Jay Jayakrishnan
Hi All,
We have an existing JIRA-Zendesk integration in place with few fields from JIRA syncing into Zendesk custom fields. We are now trying to sync “created” date and “last commented” date from JIRA to Zendesk custom ticket fields; but could not find a solution. Zendesk support suggested us that webhooks would be an idea solution to this: "to call the ticket update endpoint and update the Zendesk custom field".
I'm new to webhooks; and not sure how to accomplish this. Any guidance on this would be very helpful.
0
Jon I Sanchez Martinez
I want to create a webhook to create Posts on X. How can I accomplish that? I'm trying to figure out what to do. AFAIK, I must use X's API + OAuth 1a or OAuth 2 authentication methods, but I can't see those options on Zendesk. Before deprecating Destinations, that worked correctly. Can anybody help me out?
0
Jennie Grudi
Getting a 500 internal server error after testing
0
Leonardo Mello
Essa fila de execução existe uma capacidade? Pelo fato de não executar imediatamente a tarefa, quanto tempo pode demorar a execução? Se existe uma capacidade e um tempo, tem como aumentar a capacidade e diminuir o tempo de execução (talvez em um plano enterprise)?
0
Madhan Thangadurai
Hi all
Do webhooks support bearer tokens (first time), i.e. adding the token for the first time in Admin Center -> Apps and Integrations -> Webhooks -> Create Webhook ? Also does it refresh the tokens automatically when it expires ?
0
Ivan Miquiabas
Thanks for reaching out!
What Peter said was exactly the best explanation regarding this question. Thank you also for sharing your workaround. Although it does send a fair warning. Please do reach out to us again if you encounter any issues, rest assured we can create a ticket on your behalf and assign it to one of our advocates!
Cheers!
0
Simon Pledger
Hi Peter
Thanks for your helpful reply and advice. I'll certainly explore Let's Encrypt going forward.
In the mean time I have actually managed to workaround the problem by opening an additional non secure http port on my same webapplication server and changing my webhook to call the http version of the endpoint instead. Zendesk isn't too happy about me using an http endpoint in my webhook and puts a warning under the field :-) ... but it does now work, and circumvents the ssl validation issue for my local testing.
Best regards
Simon
0
Peter Hochstrasser
Hi 4866210950426
The problem here is that the Zendesk infrastructure is public, and, to my knowledge, you as a user of a Zendesk subdomain do not have a way to add your own certificates (or trust chains). Therefore, you are required to have a "real" certificate that Zendesk can authenticate against a standard set of CA certificates and intermediate certificates.
A cheap (free) and safe way to get such a certificate is to use Let's Encrypt on your end, so on your local web service. Since Zendesk uses this scheme itself, it is very likely that this will work ;-).
Yours truly
Peter
0
Simon Pledger
Hi everyone
I wish to have a webhook call an SSL endpoint on my local development machine, whose target webapplication uses a self signed certificate.
The webhook fails and the activity page reports " x509: certificate signed by unknown authority".
Is there a way to configure Zendesk to allow webhooks to call SSL endpoints with self signed certificates.
In contrast, URL Targets work fine and I have never had issues with them calling self signed certificate SSL endpoints. So I am a little puzzled why this restriction only seems to exist on webhooks. It is sadly preventing me from doing any local development and prototyping at the moment
Thanks in advance for any help
Simon
0
JR Lausin
You must be an admin or an agent in a custom role with permission to create webhooks.
Please check this article.
https://support.zendesk.com/hc/en-us/articles/4408839108378-Creating-webhooks-to-interact-with-third-party-systems#topic_qbn_v4w_dpb
0
Sign in to leave a comment.