This feature and its documentation are under development. The documented events and payloads are subject to changes. Therefore, please do not base your work on this documentation until our final confirmation.
The webhooks allow you to send automated messages from Qualifio Loyalty to your external application in real-time (such as Zapier for example).The message contains information about events from the members' journey in Qualifio Loyalty. Since webhooks are a Qualifio standard integration, we encourage you to use it to collect loyalty data and communicate towards your loyalty audience in real-time.
The webhook sends events from Qualifio Loyalty to the endpoint URL via HTTPS POST calls. Your server needs to be able to handle such requests.
The events that can be sent are in the table overview below:
|Profile creation||A member first authenticates via the company SSO|
|Member portal visit||Member connects to and visits his member portal|
|Change in level||A member's level is changed|
|Earning||An earning flow is completed, a member earns points|
|Burning||A burning flow is completed, a member exchanges points against a reward|
|Point correction +||The program manager adds points to the balance of a given member|
|Point correction -||The program manager subtracts points from the balance of a given member|
|Free Gift||The program manager user distributes a free gift to a member of the program|
The payload is an array of objects. Each object represents an event.
The payload structure for each event is described in subsequent pages
- Profile creation
- Member portal visit
- Level change
- Point correction +
- Point correction -
- Free Gift
Push rules are set up in the Loyalty back-office and define the scope of the data to send. For each webhook, the type of events (e.g. earning events and changes in level) and the loyalty programs (e.g. a multi-brand group can choose to decide to send data from two different loyalty programs) can be selected as part of the scope.
Webhooks can be secured by using a custom header with a custom value, which allows to use traditional authentication methods (basic auth, bearer token) as well as custom authentication methods.
- Header name :
- Header value :
Moreover, an extra layer of security can be configured:
- Secret : It allows you to generate an HMAC signature, combination of the secret and the participation payload in the header
--request POST \
--header "Content-Type: application/json" \
--header "x-test-authorization-header: 123456ots" \
--data 'the payload of the participation in JSON' \
Response and retry management
We expect to receive a 2XX code as a response for a successful post request following an event. If any other code than a 2XX code is received, it will be considered as a failed request. In this case, the HTTPS post request will be retried 7 times before being completely blocked.
How to test ?
You can test the webhooks by performing one of the aforementioned events and configure your endpoint as a webhook.site.