Webhook Quick Start
Use webhooks when another system needs to react as soon as something changes in Infodeck. Instead of polling the API every few minutes, you can register one endpoint, choose the events you care about, and optionally narrow them with event filters such as a specific location, asset, site, or work order.
Quick Summary
Go to Settings gear → Webhooks, add your endpoint URL, select events, fill in any relevant Event filters, then create the webhook and copy the signing secret.
Before You Begin
- You must be an Organization Admin or Owner
- Webhooks are available on Professional and Enterprise plans
- You need a publicly accessible HTTPS endpoint to receive events
If you are evaluating webhooks or testing an integration, use webhook.site — it gives you a free temporary HTTPS URL instantly. You can see every incoming request with full headers and payload in real time, no code required.
5-Minute Setup
Step 1: Open Webhook Settings
- Click the Settings gear () at the bottom of the sidebar
- Under Integrations, select Webhooks
Step 2: Add an Endpoint
- Click Add Endpoint
- Enter your HTTPS endpoint URL (e.g.,
https://your-server.com/webhooks/infodeck) - Add an optional description so your team knows what this endpoint is for (e.g., "SAP work order sync", "BMS sensor feed")
Step 3: Choose Events
Select the event types your endpoint should receive. The filter controls only appear after you choose at least one event type.
| Event Category | Events | Good For |
|---|---|---|
| Assets | asset.created, asset.deleted, asset.status.changed, asset.telemetry.updated | Digital twins, BMS, sensor monitoring |
| Work Orders | workorder.created, workorder.updated, workorder.status.changed, workorder.completed | ERP sync, reporting, downstream ticketing |
| Bookings | booking.created, booking.updated, booking.cancelled, booking.checked_in, booking.no_show | Room and resource integrations |
| Visitors | visitor.registered, visitor.checked_in, visitor.checked_out | Access control and visitor logs |
| SOR | sor.schedule.published, sor.quotation.submitted, sor.quotation.approved | Quotation and approval workflows |
Begin with one or two event types that matter most to your integration. You can add more later after the first flow is stable.
Step 4: Add Event Filters
After you select events, Infodeck shows the filter fields that apply to those events.
Examples:
- Asset events show Asset IDs, Location IDs, and Asset Type IDs
- Work order events show Work Order IDs, Location IDs, and Asset IDs
- Booking events show Site IDs and Resource IDs
- Visitor events show Site IDs
- SOR quotation events show Quotation IDs, SOR Schedule IDs, and Work Order IDs
Enter one or more IDs separated by commas or line breaks. Leave the filter fields blank if you want the webhook to deliver all matching events for the selected event types.
Filter Summary
When filters are configured, the webhook list and detail screens show a compact summary such as Locations: 2 · Assets: 1. If nothing is configured, the summary reads All matching events.
Step 5: Save and Copy the Signing Secret
- Click Create Endpoint
- The signing secret appears in a modal - copy it immediately
If you close the modal without copying the secret, you will need to rotate it to get a new one. Copy the secret and share it securely with your developer or integration partner. Treat it like a password - do not share it over email or unsecured channels.
Step 6: Send a Test Event
- Find your webhook in the list
- Click the test icon (play button)
- Your endpoint receives a
webhook.testevent within a few seconds
Check webhook.site (or ask your developer to check their server) to confirm the event arrived. If it did not arrive, check the Delivery Logs tab on the webhook detail to see what went wrong.
webhook.test is always delivered as a connectivity check. It does not need to match your event filters.
Step 7: Give the Signing Secret to Your Developer
The developer integrating with Infodeck needs two things from you:
- The signing secret - to verify that incoming requests genuinely come from Infodeck
- The event types - so they know which events to handle in their code
If you configured filters, share those filter IDs as part of the handoff too.
For the developer guide on building the receiving endpoint, see the Integration Guide.
How Filters Match Events
Webhook filtering follows two simple rules:
- Across fields = AND
- Within one field list = OR
Example:
{
"filtering": {
"mode": "include",
"criteria": {
"locationId": ["loc_hq", "loc_east"],
"assetId": ["ast_ahu_01"]
}
}
}
This webhook only delivers an event when:
- the event belongs to one of the subscribed event types
- the event is for asset
ast_ahu_01 - the event is also in either
loc_hqorloc_east
If the event does not carry a configured field, it does not match that filter.
For a full walkthrough of how each event family maps to filter fields, see How Webhook Event Filters Work.
Managing Webhooks
View Delivery Logs
Click any webhook to see its delivery history:
- Successful deliveries — your endpoint returned
200 - Failed deliveries — your endpoint returned an error or was unreachable
- Response time — how long your endpoint took to respond
- Failure reason — what went wrong (timeout, 500 error, connection refused, etc.)
Retry Failed Deliveries
If a delivery failed because of a temporary issue on your end (server restart, network blip), you can retry it:
- Open the webhook's delivery logs
- Find the failed delivery
- Click Retry
Infodeck will re-send the exact same event payload to your endpoint.
Edit a Webhook
- Click the webhook in the list
- Update the URL, events, or description
- Review the Event filters section and adjust it if your event scope changed
- Save changes
Disable vs Delete
| Action | What Happens |
|---|---|
| Disable | Webhook stops receiving events but keeps its configuration and delivery history. You can re-enable it later. |
| Delete | Webhook is removed permanently. Delivery logs are retained for a period. |
If you are troubleshooting an issue, disable the webhook instead of deleting it. This preserves the configuration and delivery history for investigation.
Rotate the Signing Secret
If your signing secret may have been exposed:
- Open the webhook detail
- Click Rotate Secret
- Choose Graceful (recommended) or Immediate:
| Mode | What Happens |
|---|---|
| Graceful | Old secret remains valid for 24 hours while you update your endpoint. Both secrets work during the overlap. |
| Immediate | Old secret is invalidated instantly. Use only in emergencies. |
- Copy the new secret and update your endpoint code
Setup Examples
Asset alarms for one site
Use when: a building dashboard only needs events from one location.
- Subscribe to
asset.status.changedandasset.telemetry.updated - Add
locationIdfilters for the target site or floor - Leave
assetIdblank if you want all assets in that location
Visitor check-ins for one lobby
Use when: a reception or access control tool should only react for one site.
- Subscribe to
visitor.registered,visitor.checked_in, andvisitor.checked_out - Add the target
siteId - Test the webhook and confirm the delivery arrives
Work order completion for one contractor job
Use when: an external system only cares about one tracked work order.
- Subscribe to
workorder.completed - Add the
workOrderId - Optionally also subscribe to
workorder.status.changedif you need interim progress states
Understanding the Two Secrets
If your organization uses both API keys and webhooks, your team handles two different secrets:
| API Key | Webhook Signing Secret | |
|---|---|---|
| What it does | Lets your system call Infodeck's API | Lets your system verify Infodeck's webhook deliveries |
| Created in | Settings → API Keys | Settings → Webhooks |
| Who uses it | Your developer, in API call headers | Your developer, in webhook verification code |
| Direction | Your system → Infodeck | Infodeck → Your system |
They are separate credentials for separate purposes. An API key cannot be used as a signing secret, and vice versa.
Troubleshooting
| What You See | What It Means | What to Do |
|---|---|---|
| Test event arrived but real events do not | The selected event type or filter values do not match live events | Review the configured events, then compare your filter IDs with the event source records |
| Filter fields are missing | No event types are selected yet, or the selected events do not use those IDs | Choose the event types first, then fill in the relevant IDs only |
| Wildcard webhook still does not receive everything | Wildcard subscriptions still obey configured filters | Remove the filters if you want every event type delivered |
| Work order completion appears twice | The webhook subscribes to both workorder.status.changed and workorder.completed | Keep both only if you need both signals |
| Quotation submit appears twice | Auto-approved quotations emit both submitted and approved events | Handle both event types explicitly in your integration |
| Cannot save a very large list of IDs | V1 supports up to 50 IDs per filter field | Split the subscription, or remove filters if the webhook should receive a broader scope |
For a deeper troubleshooting guide, see Webhook Filter Troubleshooting.
Related Articles
- How Webhook Event Filters Work - UI flow, matching rules, and examples
- Webhook Filter Troubleshooting - why a filtered webhook may not fire
- Integration Guide - Developer walkthrough for building the receiving endpoint
- Webhook Management API - Manage webhooks programmatically
- Webhook Security - Signature verification and secret rotation
- API Keys - Set up API keys for outbound API calls
- Settings Overview
Need help? Contact Infodeck Support