Skip to content
HomeHomeWidgetsWidgetsConversationsConversationsInsightsInsightsAnalyticsAnalyticsUsageUsage
SettingsSettings
openalice · embed / widgets
Skip to content
HomeHomeWidgetsWidgetsConversationsConversationsInsightsInsightsAnalyticsAnalyticsUsageUsage
SettingsSettings
openalice · embed / widgets / webhooks
Skip to content
HomeHomeWidgetsWidgetsConversationsConversationsInsightsInsightsAnalyticsAnalyticsUsageUsage
SettingsSettings
openalice · embed / widgets / Lily / webhooks
OverviewSet upLaunchGrowSettings
AnalyticsCSATLeadsA/B testsWebhooksTransparency
Webhooks · 連携

Webhooks

Add endpoint
Must be a public HTTPS endpoint that accepts POST requests.0/512512 characters left
Events are signed with HMAC-SHA256 using this secret. Verify the X-Alice-Signature header on your endpoint.0/40964096 characters left
Events to subscribe
  • A new visitor conversation opened. Fired once when the session begins.
  • Session closed. Fired when the conversation is finalised.
  • The agent handed the conversation off to a human (escalate_to_human ran).
  • A visitor submitted contact details through the in-chat lead form.
Endpoints for Lily
No webhook endpoints yet

Add an HTTPS endpoint below to start receiving events from this widget.

Available events
  • conversation.startedA new visitor conversation opened. Fired once when the session begins.
  • conversation.endedSession closed. Fired when the conversation is finalised.
  • escalation.triggeredThe agent handed the conversation off to a human (escalate_to_human ran).
  • lead.capturedA visitor submitted contact details through the in-chat lead form.

Allowed event types: conversation.started, conversation.ended, escalation.triggered, lead.captured

Sample payload
{
  "event":           "lead.captured",
  "widget_id":       "<your-widget-id>",
  "data": {
    "conversation_id": "ses_<id>",
    "visitor_id":      "vis_<id>",
    "has_email":       true,
    "has_phone":       false
  }
}

Each delivery includes an X-Alice-Signature header: HMAC-SHA256 of the raw body, prefixed v1=. Compare it to your server-side HMAC to verify authenticity.

Try it with curl
curl -X POST https://your-endpoint.example.com/hooks/openalice \
  -H 'content-type: application/json' \
  -H 'x-openalice-signature: v1=<hmac-sha256 of the raw body with your signing secret>' \
  -d '{"event":"lead.captured","widget_id":"<your-widget-id>","data":{"conversation_id":"ses_<id>","visitor_id":"vis_<id>","has_email":true,"has_phone":false}}'