Inbound Webhooks

Inbound Webhooks are unique endpoints that you can embed into your applications to notify Webex Connect of events occurring in your application(s).

In essence, they work the same way as custom event API v1 but are flexible about the input: the JSON/XML body is parsed using JPath/XPath, and the resulting variables are made available in flows/rules.



We support two types of authentication for inbound webhooks:

  • Service Key based authentication
  • JWT based authentication

When authentication is enabled, you need to use either the service key or the JWT credentials associated with the Webex Connect service that contains the rule/flow you've associated the inbound webhook with.

Signature Validation

In addition, we support signatures (using SHA 256 or SHA 512) in the headers of inbound webhooks that trigger flows. This adds a layer of security to your inbound webhook requests and helps safeguard against potential security threats. When signatures are enabled, invalid requests return an HTTP 400 error.


Difference between Authentication and Signature Validation

A service key or JWT token lets you validate that the request is being made by an authenticated entity. Signature Validation lets you ensure the integrity of the data, that is, that it wasn't intercepted and altered in transit between the source and Webex Connect.

We encourage you to use both these options as per security best practices.
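
The difference between the two checks, as an added example that is not Webex Connect's own code: a request carrying a valid key but an altered body passes authentication and fails signature validation. It assumes the signature is a hex HMAC of the raw request body under a shared secret; the X-Signature header name, the secret and the service key are constructed placeholders, and only the key header comes from this page.

```python
import hashlib
import hmac
import json

# Assumptions (not from the Webex Connect docs): HMAC over the raw body,
# the X-Signature header name, and both constructed secrets below.
SERVICE_KEY = "example-service-key"
SIGNING_SECRET = b"example-signing-secret"
SIG_HEADER = "X-Signature"
DIGESTS = {"SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def sign(raw_body: bytes, algo: str = "SHA256") -> str:
    """Hex HMAC of the exact bytes that go on the wire."""
    return hmac.new(SIGNING_SECRET, raw_body, DIGESTS[algo]).hexdigest()


def build_request(payload: dict, algo: str = "SHA256"):
    """Sender: serialize once, sign those bytes, send those same bytes."""
    raw = json.dumps(payload, separators=(",", ":")).encode("utf-8")
    return {"key": SERVICE_KEY, SIG_HEADER: sign(raw, algo)}, raw


def receive(headers: dict, raw_body: bytes, algo: str = "SHA256") -> str:
    """Receiver model: who sent it (key), then was it changed (signature)."""
    sent_key = headers.get("key", "").encode("utf-8")
    if not hmac.compare_digest(sent_key, SERVICE_KEY.encode("utf-8")):
        return "AUTH_FAILED"
    sent_sig = headers.get(SIG_HEADER, "").encode("utf-8")
    if not hmac.compare_digest(sent_sig, sign(raw_body, algo).encode("utf-8")):
        return "BAD_SIGNATURE"  # the page says such requests get HTTP 400
    return "ACCEPTED"


def demo() -> dict:
    headers, raw = build_request({"title": "JSON API paints my bikeshed!"})
    tampered = raw.replace(b"bikeshed", b"doghouse")
    # Same data, different bytes: re-serializing after signing breaks it.
    respaced = json.dumps(json.loads(raw)).encode("utf-8")
    return {
        "intact": receive(headers, raw),
        "tampered": receive(headers, tampered),  # valid key, altered body
        "respaced": receive(headers, respaced),
        "wrong_key": receive({**headers, "key": "not-the-key"}, raw),
    }


if __name__ == "__main__":
    print(demo())
```

The "respaced" case is the one that catches senders in practice: any middleware that parses and re-serializes the body after signing changes the bytes and invalidates the signature.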


Once an inbound webhook has been configured, it can start accepting any JSON/XML payload. The payload is passed to the linked rule and/or flow. You can also enter example JSON or send a live request to parse. These parameters will be saved and available for usage in rules and flows when you start typing with $ to search for a variable.


If you invoke an Inbound Webhook that's not associated with any flow or rule, the system will queue the request but no action will be taken on it.

Here is an example of how a sample JSON is parsed.

Please note that the service key / JWT token needs to be passed in the header of the request, with the header name as key.

            "title":"JSON API paints my bikeshed!",
            "body":"The shortest article. Ever.",

Parsed variables for above sample

Parsed value

  • JSON API paints my bikeshed!
  • The shortest article. Ever.


Response Codes

Inbound Webhooks are asynchronous. When you send a request to inbound webhooks, Webex Connect returns an immediate response code and description to confirm whether your request has been successfully queued or not. Here's the list of various response codes with their description.

  • Returned when the request is accepted by Webex Connect.
  • Invalid JSON: Returned when an invalid JSON request is sent.
  • Authentication failed: Returned when an invalid service key or profile key is provided in the request.
  • Internal error occurred: Returned when there is an issue with Webex Connect.
  • You have reached maximum transaction limit: Returned when you have reached the transaction limit.
  • Invalid XML: Returned when an invalid XML request is sent.

Know Your Endpoint

Based on the domain you use to log in to Webex Connect, the endpoint for your API varies. See the endpoint section to understand which endpoint to use for your domain.