> ## Documentation Index
> Fetch the complete documentation index at: https://docs.salesbricks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

Salesbricks provides webhook support, allowing you to extend its functionality by integrating with external systems, services, or custom workflows.

Webhooks enable real-time notifications and data synchronization, enhancing your overall experience with Salesbricks.

## Getting Started

To begin working with webhooks, ensure that you configure and enable the specific webhooks you intend to consume.

You can do this by navigating to **Settings** -> **Integrations** -> **Webhooks**.

<Card title="Take me there" icon="rocket-launch" href="https://app.salesbricks.com/admin/settings/integrations/webhooks">
  [https://app.salesbricks.com/admin/settings/integrations/webhooks](https://app.salesbricks.com/admin/settings/integrations/webhooks)
</Card>

## Payload Signature

To verify that a payload originated from Salesbricks, a signature will be sent in the `X-SALESBRICKS-KEY` header.

Follow the instructions below to validate the signature:

<CodeGroup>
  ```python Python theme={null}
  import hmac
  import base64
  from hashlib import sha512

  def validate_signature(api_token: str, payload: str, header_signature: str):
    """
    :param api_token: Your Salesbricks API Token
    :param payload: the request payload as a string, ex: request.get('body')
    :param header_signature: signature received with payload, ex: request.get('X-SALESBRICKS-KEY')
    """
    import hmac
    from hashlib import sha512
    import base64

    hmac_hash = hmac.new(
      api_token.encode("utf-8"), payload.encode("utf-8"), digestmod=sha512
    )
    expected_signature = base64.b64encode(hmac_hash.digest()).decode()
    if header_signature != expected_signature:
      raise Exception("Invalid webhook signature")
  ```

  ```javascript JavaScript theme={null}
  const express = require('express');
  const crypto = require('crypto');
  const rawBody = require('raw-body');
  require('dotenv').config(); // Load environment variables from .env file

  const app = express();
  const PORT = 3001;
  const API_TOKEN = process.env.API_TOKEN;

  // Middleware to convert the raw payload to a string
  app.use((req, res, next) => {
    rawBody(req, {
      length: req.headers['content-length'],
      limit: '1mb',
      encoding: req.charset || 'utf-8'
    }, (err, string) => {
      if (err) return next(err);
      req.rawBody = string;
      next();
    });
  });

  // Function to generate HMAC signature
  function generateSignature(secret, payload) {
    return crypto
      .createHmac('sha512', secret)
      .update(payload, 'utf8')
      .digest('base64');
  }

  // Webhook endpoint
  app.post('/webhook', (req, res) => {
    const payload = req.rawBody;
    const headerSignature = req.get('X-SALESBRICKS-KEY');

    console.log('Received Raw Payload:', payload);
    console.log('Received Header Signature:', headerSignature);

    const expectedSignature = generateSignature(API_TOKEN, payload);

    console.log('Expected Signature:', expectedSignature);

    if (headerSignature === expectedSignature) {
      console.log('Signatures match. Payload is authentic.');
      res.status(200).send('Webhook signature valid');
    } else {
      console.log('Signatures do not match. Invalid payload.');
      res.status(400).send('Invalid webhook signature');
    }
  });

  // Start the server
  app.listen(PORT, () => {
    console.log(`Server is running on port ${PORT}`);
  });
  ```
</CodeGroup>

<Tip>
  Remember to replace the placeholder values (`api_token`, `payload`, `header_signature`) with the actual values from your Salesbricks setup.

  This signature verification process ensures the integrity and authenticity of webhook payloads received from Salesbricks.
</Tip>