Reference

Webhooks

Subscribe to outbound events from your ReplyFront workspace.

By ReplyFront Team · Last updated June 19, 2026

Available events

  • conversation.created
  • conversation.closed
  • message.received
  • message.sent
  • handoff.requested
  • broadcast.sent

Verifying signatures

Every payload is signed with HMAC-SHA256 using your webhook secret. Verify the X-ReplyFront-Signature header.

JavaScript
import crypto from "node:crypto";

const expected = crypto
  .createHmac("sha256", process.env.REPLYFRONT_WEBHOOK_SECRET)
  .update(rawBody)
  .digest("hex");

const ok = crypto.timingSafeEqual(
  Buffer.from(headers["x-replyfront-signature"]),
  Buffer.from(expected),
);