Webhooks

Today, one event:

• lead.captured — fires when the agent successfully captures a lead (via the pre-chat form, conversational collection, or booking flow)

From the agent dashboard, go to Leads → Configure → Destinations. Add a destination of type Webhook with:

• URL — your endpoint (HTTPS required for production)
• Method — POST (default), PUT, or PATCH
• Signing secret — generated by Chatmount; copy and store it server-side
• Custom headers — optional key/value pairs (e.g. X-Tenant-Id)

You can wire multiple destinations per agent — Chatmount POSTs to all of them in parallel.

Every request includes an X-Chatmount-Signatureheader containing an HMAC-SHA256 of the raw request body, signed with your destination’s secret. Verify on every request — anyone can POST to a public URL.

import crypto from "crypto";

const expected = crypto
  .createHmac("sha256", process.env.CHATMOUNT_SECRET)
  .update(rawBody) // the exact bytes you received, NOT JSON.stringify(body)
  .digest("hex");

const provided = req.headers["x-chatmount-signature"];

if (
  !provided ||
  !crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(provided))
) {
  return res.status(401).end();
}

For frameworks that JSON-parse the body before your handler (Next.js API routes, default Express), disable the body parser on the webhook route and read the raw bytes — otherwise the signature won’t match.

We retry failed deliveries with exponential backoff: 1m, 5m, 30m, 2h, 6h, 12h, 24h. After 7 attempts the delivery is dropped and a notification is sent to the workspace admin email.

A delivery is considered successful on any 2xx response. Aim for 200 OK within a few seconds; if your processing is long-running, accept the webhook synchronously and queue the actual work.