Outbound Webhooks

Outbound Webhooks

OM_Webhooks fires HTTP POST requests to external URLs when events occur.

Supported Events

subscriber.created, subscriber.updated, subscriber.unsubscribed, subscriber.tagged, subscriber.stage_changed, campaign.sent, campaign.opened, campaign.clicked, campaign.completed, automation.step_completed, lead_score.updated

Webhook Configuration

php$id = OM_Webhooks::create([
    'name'         => 'CRM Sync',
    'url'          => 'https://mycrm.com/hooks/omailer',
    'events'       => [ 'subscriber.created', 'subscriber.tagged' ],
    'secret_token' => 'my_secret',  // optional, auto-generated if omitted
    'method'       => 'POST',       // POST or PUT
]);

Payload

Every webhook sends a JSON body:

json{
  "event":      "subscriber.created",
  "timestamp":  1714089600,
  "data": {
    "subscriber_id": 42,
    "email":          "jane@example.com",
    "first_name":     "Jane"
  }
}

Signature Verification

When a secret_token is set, OMailer signs every payload with HMAC-SHA256:

X-OMailer-Signature: sha256=<hmac_hex>

Verify on your server:

php$sig = hash_hmac( 'sha256', $raw_body, $secret );
$is_valid = hash_equals( $sig, $received_sig );

Retry Logic

Failed webhook deliveries are retried up to 3 times with exponential backoff (5 min, 30 min, 2 hours). After 3 failures the webhook is marked as failed in om_webhooks.fail_count. Deliveries are logged in om_webhook_log.