Skip to main content

Webhooks

DISCLAIMER

This feature and its documentation are under development. The documented events and payloads are subject to changes. Therefore, please do not base your work on this documentation until our final confirmation.

The webhooks allow you to send automated messages from Qualifio Loyalty to your external application in real-time (such as Zapier for example).The message contains information about events from the members' journey in Qualifio Loyalty. Since webhooks are a Qualifio standard integration, we encourage you to use it to collect loyalty data and communicate towards your loyalty audience in real-time.

HTTPS protocol

The webhook sends events from Qualifio Loyalty to the endpoint URL via HTTPS POST calls. Your server needs to be able to handle such requests.

Events

The events that can be sent are in the table overview below:

NameDescription
Profile creationA member first authenticates via the company SSO
Member portal visitMember connects to and visits his member portal
Change in levelA member's level is changed
EarningAn earning flow is completed, a member earns points
BurningA burning flow is completed, a member exchanges points against a reward
Point correction +The program manager adds points to the balance of a given member
Point correction -The program manager subtracts points from the balance of a given member
Free GiftThe program manager user distributes a free gift to a member of the program

Payload structure

The payload is an array of objects. Each object represents an event.

The payload structure for each event is described in subsequent pages

Push trigger

Push rules are set up in the Loyalty back-office and define the scope of the data to send. For each webhook, the type of events (e.g. earning events and changes in level) and the loyalty programs (e.g. a multi-brand group can choose to decide to send data from two different loyalty programs) can be selected as part of the scope.

Security

Webhooks can be secured by using a custom header with a custom value, which allows to use traditional authentication methods (basic auth, bearer token) as well as custom authentication methods.

Eg :

  • Header name : x-test-authorization-header
  • Header value : 123456ots

Moreover, an extra layer of security can be configured:

  • Secret : It allows you to generate an HMAC signature, combination of the secret and the participation payload in the header
curl \
--request POST \
--header "Content-Type: application/json" \
--header "x-test-authorization-header: 123456ots" \
--data 'the payload of the participation in JSON' \
https://www.google.com

Response and retry management

We expect to receive a 2XX code as a response for a successful post request following an event. If any other code than a 2XX code is received, it will be considered as a failed request. In this case, the HTTPS post request will be retried 7 times before being completely blocked.

How to test ?

You can test the webhooks by performing one of the aforementioned events and configure your endpoint as a webhook.site.