API Reference
Webhooks
Integrate with the Kantos REST API.
Webhooks deliver real-time notifications to your application when events occur in Kantos. Configure automation rules to send HTTP callbacks when records are created, updated, or deleted.
Webhook Events
| Event | Triggered When |
|---|---|
record.created | A new record is created |
record.updated | A record is modified |
record.deleted | A record is deleted |
intake.received | A form submission is received |
Webhook Payload
Each webhook delivery includes the event type, timestamp, and full record data:
{
"event": "record.created",
"timestamp": "2024-01-15T10:30:00Z",
"data": {
"id": "rec_abc123",
"object_id": "obj_contacts",
"field_values": {
"name": "John Doe",
"email": "john@example.com"
}
},
"signature": "sha256=..."
}Signature Verification
Verify webhook authenticity by checking the signature field. Kantos signs payloads with your webhook secret using HMAC-SHA256:
import crypto from 'crypto';
function verifyWebhook(payload: string, signature: string, secret: string): boolean {
const expected = 'sha256=' + crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}Retry Policy
Failed webhook deliveries (non-2xx responses or timeouts) are retried with exponential backoff:
- Retry 1: after 1 minute
- Retry 2: after 5 minutes
- Retry 3: after 30 minutes
After 3 failed attempts, the webhook is marked as failed in the automation execution logs. You can review and retry failed deliveries from the Automations dashboard.
Idempotency
Design your webhook handler to be idempotent — safe to process the same event multiple times. Use the event and timestamp fields to deduplicate if needed.
Configuring Webhooks
Webhooks are configured as automation actions. See Automation Webhooks for step-by-step setup instructions.
Next Steps
- Automation Webhooks — Configure webhook triggers
- Rate Limits — Understand delivery quotas
- Authentication — Secure your webhook endpoint