Instantly Webhook Integration FAQs

Question 1

How do I verify Instantly webhook signatures?

Accepted Answer

Use the provided SHA256 HMAC verification logic which combines your secret key, the timestamp header, and the raw request body to ensure the request originated from Instantly.

Question 2

How can I test Instantly webhooks locally?

Accepted Answer

You can use a tool like ngrok to expose your local development server and then configure the resulting URL in the Instantly dashboard or use the Instantly CLI to trigger test events.

Question 3

How do I handle duplicate webhook events?

Accepted Answer

The skill provides an idempotency pattern using Redis to store event IDs with a TTL. This allows your handler to check if an event has already been processed before executing logic.

Question 4

Why do I need to use the raw body for validation?

Accepted Answer

Cryptographic signature algorithms require the exact byte-for-byte representation of the request body. Using a pre-parsed JSON object can fail validation due to minor formatting differences.

Question 5

What is the purpose of the timestamp in the Instantly header?

Accepted Answer

The timestamp is used for replay attack protection, allowing your server to reject requests that are older than a specific threshold (e.g., 5 minutes) to prevent malicious resubmissions.

Instantly Webhook Integration

Características Principales

Casos de Uso

Instantly Webhook Integration

Características Principales

Casos de Uso