Webhooks
Webhooks allow you to receive real-time notifications when events happen in Bookora. Instead of polling the API, Bookora sends HTTP requests to your endpoint when events occur.
How Webhooks Work
- 1. You register a webhook endpoint URL in Developer Settings.
- 2. You subscribe to specific events (e.g., customer.created).
- 3. When an event occurs, Bookora sends an HTTP POST to your endpoint.
- 4. Your server processes the event and responds with a 200 status.
Available Events
customer.createdA new customer is added to the CRM
booking.createdA new appointment is booked
booking.cancelledAn appointment is cancelled
booking.rescheduledAn appointment is rescheduled
lead.qualifiedA lead reaches a qualification threshold
no_show.detectedAn appointment is marked as no-show
review.createdA customer leaves a review
workflow.triggeredA workflow is triggered
Webhook Payload
Each webhook POST includes a JSON payload with event details:
{
"event": "booking.created",
"id": "evt_abc123",
"created_at": "2026-06-10T10:30:00Z",
"data": {
"booking_id": "bkg_abc123",
"customer_id": "cus_xyz789",
"customer_name": "Jane Doe",
"service": "Consultation Call",
"start_time": "2026-06-15T14:00:00Z",
"end_time": "2026-06-15T15:00:00Z",
"price": 150.00
}
}Webhook Security
Webhook payloads are signed to ensure they come from Bookora:
Signature Verification
Each webhook request includes a X-Bookora-Signature header. This signature is generated using your webhook secret and the request body.
Verifying Signatures
// HMAC-SHA256 signature
const crypto = require('crypto');
const sig = crypto
.createHmac('sha256', webhookSecret)
.update(JSON.stringify(body))
.digest('hex');Best Practices
- Respond with HTTP 200 within 5 seconds to acknowledge receipt
- Process events asynchronously (do not block the response)
- Verify the signature to confirm the request is from Bookora
- Use a unique webhook secret for each endpoint
- Handle retries — Bookora retries failed deliveries up to 3 times
- Use HTTPS for your webhook endpoint