Webhook alerts
If you've added a webhook URL to your rule, Codat will POST to that URL each time an alert is raised.
The body of the request will include details such as the RuleId, the RuleType and the CompanyId that triggered the alert as well as data relevant to the particular rule type. Example bodies are detailed for each rule in our Rule types page.
Expected response codes
Response code | Description |
|---|---|
200 or 2xx range status code | Alert was received successfully. |
300 or 3xx range status code | Redirects the alert to another URL. Codat doesn't permanently cache the redirect. |
408, 420, 429, 460, 502, 503, 504, 522, and 524 | Transient error or a timeout. Codat retries the webhook alert. |
Any other status code, including 400 | Unrecoverable, no retry is attempted. |
Alert retries
Webhook alerts retry a maximum of three times over a 2 minute period before failing permanently. The retry interval increases each time to a maximum of 60 seconds.
To override the retry interval, include a Retry-After header in your response.
Filtering webhooks by client
If you’re a Codat partner with a single webhook endpoint for multiple clients, you can filter webhook calls by client.
The HTTP header of the standard webhook call contains an X-Codat-ClientId which uniquely identifies each client account. To find out the ID for the Codat client you’re logged in as, use GET /profile/syncSettings or contact our solutions team.
Webhook security
If you'd like to secure your webhook endpoints, you can add an Authorization header to the notifications Codat sends using the settings on the Portal's Organization settings page.
Authorization method or scheme | Description |
|---|---|
Basic | A base-64 encoded username and password is added to the authorisation header of the HTTP request. |
Bearer | A custom value or token is added to the authorisation header. |
Updated 4 months ago