Webhooks

Receive real-time notifications about conversions, impressions, and A/B test events

What are Webhooks?

Webhooks allow you to receive HTTP POST requests to your server whenever specific events occur in your Keak account. This enables real-time integrations with your systems, analytics platforms, CRMs, and custom applications.

Key Features

Real-time Delivery

Receive events instantly as they happen in your Keak account

Secure Signatures

HMAC-SHA256 signatures verify webhook authenticity

Automatic Retries

Failed deliveries are automatically retried with exponential backoff

Available Events

conversion.created

Triggered when a user completes a conversion event on your website

impression.created

Triggered when a variation is shown to a user in an A/B test

test.started

Triggered when an A/B test is activated and begins serving traffic

test.completed

Triggered when an A/B test reaches statistical significance or is manually stopped

Quick Start

Create a Webhook

Go to your webhooks dashboard and create a new webhook endpoint

Configure Your Endpoint

Enter your server URL and select which events you want to receive

Verify Signatures

Use the webhook secret to verify incoming requests are from Keak

Handle Events

Process webhook payloads in your application

Example Payload

{
  "event": "conversion.created",
  "timestamp": "2024-01-15T10:30:00.000Z",
  "data": {
    "id": "conv_abc123",
    "test_id": "test_xyz789",
    "variation_id": "var_001",
    "user_id": "user_456",
    "conversion_type": "purchase",
    "value": 99.99,
    "currency": "USD",
    "metadata": {
      "order_id": "ord_12345"
    }
  }
}

Security

Signature Verification

Every webhook request includes an X-Keak-Signature header containing an HMAC-SHA256 signature of the payload. Always verify this signature using your webhook secret to ensure the request is legitimate.

Example verification (Node.js):

import crypto from 'crypto';

function verifyWebhook(payload, signature, secret) {
  const hmac = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');

  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(hmac)
  );
}

Best Practices

Respond quickly: Return a 2xx status code within 5 seconds to acknowledge receipt

Process asynchronously: Queue webhook payloads for background processing to avoid timeouts

Handle duplicates: Use the event ID to detect and ignore duplicate deliveries

Rotate secrets regularly: Use the secret rotation feature to update webhook secrets without downtime

Ready to get started?

Create your first webhook and start receiving real-time events

Additional Resources

API Reference

Complete API documentation

Manage Webhooks

View and configure your webhooks