Webhooks
Last updated 2026-02-13
const created = await client.webhooks.create({
url: "https://example.com/webhooks/rooaak",
events: ["message.responded", "agent.error"],
});
const all = await client.webhooks.list();
await client.webhooks.delete(created.id);Verify signatures
Rooaak signs webhook payloads using HMAC SHA-256 over the raw request body.
Always verify the signature before processing the payload.
import { verifyWebhookSignature } from "rooaak";
const ok = await verifyWebhookSignature(rawBody, signature, secret);Next.js (App Router) example
// src/app/api/webhooks/rooaak/route.ts
import { verifyWebhookSignature } from "rooaak";
export async function POST(req: Request) {
const rawBody = await req.text();
const signature = req.headers.get("x-rooaak-signature") ?? "";
const ok = await verifyWebhookSignature(rawBody, signature, process.env.ROOAAK_WEBHOOK_SECRET!);
if (!ok) return new Response("Invalid signature", { status: 401 });
const event = req.headers.get("x-rooaak-event") ?? "";
const payload = JSON.parse(rawBody);
// TODO: handle event + persist idempotently (use X-Rooaak-Delivery)
return Response.json({ ok: true, event });
}Receiver tips
- Persist and dedupe deliveries using
X-Rooaak-Delivery. - Respond quickly (enqueue work) to avoid retries.