Webhooks integration guide

Webhooks are SALT's general-purpose outbound event mechanism. You point a URL at SALT, configure which events should fire, and SALT delivers JSON payloads with retry and verification baked in. Best for custom integrations Zapier doesn't cover.

Updated Apr 29, 2026 For agency admin

In short: Configure a webhook URL on your agency’s webhooks integration. SALT POSTs JSON event payloads to your URL with retry logic. Verify via SALT’s signing for security.

When to use Webhooks

Use Webhooks when:

  • You’re integrating with a custom system that doesn’t have a SALT app
  • Zapier’s no-code workflows aren’t fast or flexible enough
  • You need direct control over the integration logic
  • You want low-latency event delivery (Zapier introduces a small delay)

For most no-code use cases, Zapier is faster to set up. Pick Webhooks when you have engineering resources and specific requirements.

What gets delivered

Each event delivers a JSON payload to your endpoint. Common event types:

  • submission.created — new Submission
  • submission.updated — Submission fields changed
  • submission.completed — Submission finished by the consumer
  • submission.archived — Submission archived
  • contact.created — new Insured captured
  • form_progress.* — milestone events during incomplete sessions

(Exact event names may vary — check your agency’s webhook configuration UI for the available events.)

The payload typically includes:

  • Event type and timestamp
  • Submission ID
  • Submission data (subject to standard sensitive-data handling)
  • Form and Link references
  • Account context

Configure a webhook

  1. 1

    Open Integrations on your account and find Webhooks.

  2. 2

    Click to add a new webhook endpoint.

  3. 3

    Enter your URL (must be HTTPS).

  4. 4

    Pick the events you want to receive.

  5. 5

    Save. SALT generates a signing secret you’ll use to verify incoming webhooks.

  6. 6

    Test by submitting a sample on a Form that triggers one of the configured events.

You can configure multiple endpoints — for example, one URL for production and one for staging.

Retry behavior

If your endpoint doesn’t respond with a 2xx status, SALT retries:

  • Initial retry within seconds
  • Exponential backoff over hours
  • Eventually gives up after a maximum window

Your endpoint should:

  • Respond with 2xx as soon as the payload is received (don’t process synchronously — queue it)
  • Be idempotent — SALT may deliver the same event more than once on retry
  • Handle out-of-order delivery gracefully — events for a single Submission may arrive close together but not in strict creation order

Verifying webhooks

Each webhook delivery includes a signature in the request headers. To verify the request came from SALT:

  1. Look up the signing secret SALT generated for this endpoint
  2. Compute the signature on the received payload using the same algorithm
  3. Compare to the header value
  4. Reject if mismatched

The exact algorithm and header name are documented in your webhook configuration UI.

Don’t process unsigned or unverified payloads — they could be from anyone.

Disable a webhook

Disable an endpoint to pause delivery without deleting:

  • The endpoint stays in your config
  • New events don’t fire to it
  • Re-enable any time to resume

For a permanent removal, delete the endpoint.

Common questions

What’s the maximum payload size? SALT keeps payloads compact. Large attachments (documents, images) aren’t included inline; the payload contains references your endpoint can fetch separately.

My endpoint sometimes times out and SALT retries — is that a problem? Each retry attempt is a fresh delivery. As long as your endpoint is idempotent, retries are safe. If retries pile up, scale your endpoint to respond faster.

Does Webhooks consume Data Credits? No.