Configure webhooks
Last updated: 2026-06-01
Set up a webhook endpoint, register it with Drömlik, and verify incoming requests.
1. Build the endpoint
Your endpoint must:
- Be reachable on HTTPS with a valid TLS certificate.
- Accept POST with JSON body.
- Respond with HTTP 2xx within 10 seconds.
- Verify the
X-Dromlik-Signatureheader before trusting the payload.
2. Register it in Drömlik
- 1
Open Integrations → Webhooks
Click Add Webhook.
- 2
Enter the URL
Paste your endpoint URL. Drömlik will send a test request immediately to confirm reachability.
- 3
Copy the shared secret
Drömlik generates a per-webhook secret. Store it alongside your other secrets — you need it to verify signatures.
- 4
Pick events
Tick the event codes you want delivered. Leave the rest off to reduce volume.
- 5
Save
The webhook is active immediately.
3. Verify signatures (Node example)
import { createHmac, timingSafeEqual } from "crypto";
function verify(req, secret) {
const sig = req.headers["x-dromlik-signature"]; // e.g. "sha256=abc..."
const body = req.rawBody; // raw string, not parsed JSON
const expected = "sha256=" + createHmac("sha256", secret).update(body).digest("hex");
return timingSafeEqual(Buffer.from(sig), Buffer.from(expected));
}4. Handle retries idempotently
Store each event_id you've processed. If you receive the same id again (because your first 2xx didn't reach Drömlik), skip it.
5. Monitor delivery
Open Integrations → Webhooks → Delivery log to see the last 7 days of attempts: status code, latency, retry count, and the request body Drömlik sent.