Webhooks

Receive real-time HTTP POST notifications when AI agents interact with your website. Integrate dat2ai events into your existing workflows.

What are Webhooks?

Webhooks are automated HTTP POST requests that dat2ai sends to your server whenever specific events occur on your site. Instead of polling the API for new events, your server receives them in real time.

For example, you can receive an instant notification in Slack when an AI agent submits a contact form, or log the interaction in your CRM system automatically.

Setup

Create a webhook endpoint from the dat2ai dashboard to start receiving event notifications.

1

Navigate to Webhooks

Go to Dashboard > Account > Webhooks section.

2

Enter your endpoint URL

Provide the HTTPS URL of your server that will receive the webhook POST requests. For example: https://your-server.com/webhook/dat2ai

3

Select event types

Choose which event types should trigger the webhook. You can select all events or specific types like invocations only.

4

Copy your webhook secret

After creating the webhook, a unique secret is generated. Copy it immediately — it will only be shown once. You will use this secret to verify webhook signatures.

Payload Format

Each webhook delivery sends a JSON payload containing an array of events and metadata:

{
  "events": [
    {
      "event_id": "evt_abc123",
      "site_id": "site_xyz",
      "tool_name": "contact-form",
      "event_type": "invocation",
      "agent_type": "browser_agent",
      "consent_given": true,
      "timestamp": "2026-02-16T12:00:00Z"
    }
  ],
  "siteId": "site_xyz",
  "timestamp": "2026-02-16T12:00:00Z"
}

The events array can contain one or more events. Events are batched for efficiency — your endpoint may receive multiple events in a single request.

Signature Verification

Every webhook request includes an X-Webhook-Signature header containing an HMAC-SHA256 signature. Always verify this signature to ensure the request came from dat2ai and was not tampered with.

X-Webhook-Signature

HMAC-SHA256 hex digest of the request body, signed with your webhook secret.

Here is a Node.js example for verifying the webhook signature:

const crypto = require('crypto');

function verifyWebhookSignature(req, webhookSecret) {
  const signature = req.headers['x-webhook-signature'];
  const payload = JSON.stringify(req.body);

  const expected = crypto
    .createHmac('sha256', webhookSecret)
    .update(payload)
    .digest('hex');

  const valid = crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );

  return valid;
}

// Express.js example
app.post('/webhook', (req, res) => {
  if (!verifyWebhookSignature(req, process.env.WEBHOOK_SECRET)) {
    return res.status(401).json({ error: 'Invalid signature' });
  }

  const { events } = req.body;
  for (const event of events) {
    console.log('Received:', event.event_type, event.tool_name);
  }

  res.status(200).json({ received: true });
});

Always use crypto.timingSafeEqual for signature comparison to prevent timing attacks. Never use simple string equality (===).

Event Types

The following event types can trigger webhook deliveries:

Event TypeDescription
invocation

An AI agent successfully invoked a tool (submitted a form)

cancel

An AI agent started but cancelled a tool invocation before completion

rate_limited

An AI agent was blocked by rate limiting rules

consent_given

A user accepted the AI consent prompt

consent_denied

A user declined the AI consent prompt

Delivery

How dat2ai delivers webhook notifications to your endpoint:

POST

All webhooks are delivered as HTTP POST requests to your configured endpoint URL.

10s

Timeout per delivery attempt. If your endpoint does not respond within 10 seconds, the delivery is considered failed.

Content-Type

application/json — all payloads are JSON-encoded.

Retries

Currently fire-and-forget. No automatic retries on failure. We recommend implementing idempotent handlers and monitoring your endpoint for availability.

Use Cases

Slack Notifications

Send a message to a Slack channel whenever an AI agent interacts with your forms. Great for real-time visibility — your team sees every interaction as it happens.

CRM Integration

Automatically create or update contacts in your CRM (HubSpot, Salesforce, Pipedrive) when an AI agent submits a lead form on your behalf.

Custom Analytics

Feed events into your own analytics pipeline (BigQuery, Mixpanel, Amplitude) for custom dashboards, cohort analysis, and cross-platform reporting.

Security Alerting

Trigger alerts in PagerDuty, Opsgenie, or your monitoring system when rate limits are hit or unusual agent activity is detected on your site.