Connect Inboxy to AnythingWebhooks, API Tokens & Integrations
Real-time outbound webhooks for thirteen event types with HMAC-SHA256 signatures and automatic retry. API tokens with thirteen permission scopes. Compatible with Zapier, Make, and n8n.
{
"event": "message.received",
"timestamp": "2026-04-12T14:30:00Z",
"channel": "whatsapp",
"contact": {
"name": "Ahmed Mohamed",
"phone": "+966501234567"
},
"message": {
"text": "I want to order",
"type": "text"
}
}
Headers:
X-Inboxy-Signature: sha256=a1b2c3...
X-Inboxy-Timestamp: 1712930200Event Types
SHA256 Signature
Auto Retry
Permission Scopes
Compatible Platforms
Thirteen Event Types
Receive real-time notifications for every important event on your platform via outbound webhooks
Messages
message.receivedmessage.sentContacts
contact.createdcontact.updatedConversations
conversation.openedconversation.closedconversation.assignedOrders
order.createdorder.updatedorder.completedorder.cancelledCampaigns
campaign.startedcampaign.completedAI
agent.responseCore Features
Automatic Event Dispatch
When any of thirteen events occur in Inboxy, data is automatically sent as JSON to the specified endpoint
HMAC-SHA256 Signature
Every request includes an HMAC-SHA256 signature in the X-Inboxy-Signature header with timestamp for security verification
Exponential Retry Backoff
On failure, the system retries with increasing intervals: 1s, 2s, 4s, 8s. Three retries maximum by default.
API Token Management
Create API tokens with inboxy_ prefix and thirteen permission scopes. Token shown only once and stored hashed.
How Webhooks Work
Event in Inboxy
New message, order, or contact update
Build Payload & Sign
JSON data with HMAC-SHA256 signature in header
POST to Your URL
Send to specified endpoint with SSRF protection
Success or Retry
Success (200) or auto-retry with exponential backoff
Webhook Management
Full control over your platform webhooks with detailed delivery logs and SSRF protection.
curl -X POST \
https://api.inboxy.chat/v1/messages \
-H "Authorization: Bearer inboxy_abc..." \
-H "Content-Type: application/json" \
-d '{
"channel": "whatsapp",
"to": "+966501234567",
"template": "order_update",
"variables": {
"order_id": "#5678",
"status": "shipped"
}
}'API Tokens with Granular Permissions
Create API tokens with inboxy_ prefix and thirteen permission scopes. Token shown only once at creation and stored SHA-256 hashed. Optional expiration date and last-used tracking.
Integration Examples
Some practical scenarios for how to use webhooks and API tokens
Sync with HubSpot
New WhatsApp message → Auto-create HubSpot contact via Zapier
Slack Notifications
New order → Instant notification in Slack channel via Make
Update Google Sheets
New contact → Add row in Google Sheets via n8n
Custom OTP System
Send verification codes via WhatsApp using API tokens with otp:send scope
WooCommerce Sync
Connect WordPress store with Inboxy via API token with woocommerce:read/write scopes
External CRM Integration
Two-way contact sync with any CRM via contacts:read and webhooks
Enterprise-Grade Security
HMAC-SHA256 signature for every request with hashed API token storage and SSRF protection that blocks private IPs and cloud metadata.
SHA256 Signature
Built-in Protection
Replay Window
Audit Trail
Compatible With Over 5,000 Apps
Zapier
Connect with over five thousand apps. Trigger Zaps on any of thirteen events.
Make
Advanced automation scenarios with webhook trigger module. Formerly Integromat.
n8n
Open-source automation with webhook node. Perfect for self-hosted environments.
Event Types
Permission Scopes
Compatible Platforms
API Interface
Connect Inboxy With Your Favorite Tools
Webhooks and REST API for seamless integration with Zapier, Make, n8n, and any external app
Easy-to-use interface
