> For the complete documentation index, see [llms.txt](https://docs.ticketspot.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.ticketspot.io/integrations/webhooks.md).

# Webhooks

Once your server is configured to receive payloads, it'll listen for any payload sent to the endpoint you configured. For security reasons, you probably want to limit requests to those coming from Ticket Spot. There are a few ways to go about this--for example, you could opt to allow requests from Ticket Spot's IP address--but a far easier method is to set up a secret token and validate the information.

To setup webhooks

1. Go to "Automations" within your dashboard
2. Select your trigger type you want to trigger events from
3. Select "Webhook" from the action list
4. Enter a destination URL where the payload will be sent
5. Enter a secret token that you will use to verify the header signature
6.  

   <figure><img src="/files/8kPID3RMpOGkHhzwHqFx" alt=""><figcaption></figcaption></figure>

### Validating payloads from Ticket Spot <a href="#validating-payloads-from-github" id="validating-payloads-from-github"></a>

When your secret token is set, Ticket Spot uses it to create a hash signature with each payload. This hash signature is included with the headers of each request as `x-ts-signature-256`.

For example, if you have a basic server that listens for webhooks, it might be configured similar to this:

```ruby
require 'sinatra'
require 'json'

post '/payload' do
  request.body.rewind
  push = JSON.parse(request.body.read)
  "I got some JSON: #{push.inspect}"
end
```

The intention is to calculate a hash using your `SECRET_TOKEN`, and ensure that the result matches the hash from Ticket Spot. Ticket Spot uses an HMAC hex digest to compute the hash, so you could reconfigure your server to look a little like this:

```ruby
post '/payload' do
  payload_body = request.body.read
  verify_signature(payload_body)
  push = JSON.parse(payload_body)
  "I got some JSON: #{push.inspect}"
end

def verify_signature(payload_body)
  signature = 'sha256=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), ENV['SECRET_TOKEN'], payload_body)
  return halt 500, "Signatures didn't match!" unless Rack::Utils.secure_compare(signature, request.env['HTTP_X_TS_SIGNATURE_256'])
end
```

<br>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.ticketspot.io/integrations/webhooks.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.