Working with Webhook Tokens

Webhook Tokens are unique authentication keys designed for individual users on the Cliq platform. These tokens serve the purpose of authenticating incoming webhook calls from various sources. Each user is allowed to generate a maximum of 5 Webhook Tokens, ensuring secure and controlled access.

Endpoints:

To connect webhooks with Cliq, you will be using endpoints that determine where the webhook message will be posted. Here are the different webhook endpoints available in Cliq and their respective descriptions:

  • Channels Message Endpoint: This endpoint enables you to post message notifications to a specific channel from any third-party application. By utilizing this endpoint, you can seamlessly relay important updates and information to designated Cliq channels.

    https://cliq.zoho.com/api/v2/channelsbyname/{$channel-unique-name}/message?zapikey={paste_webhook_token_here}
  • Bots: Bots have two endpoints:
    • Incoming webhook endpoint: The Bot Incoming Webhook Endpoint facilitates real-time notifications. When connected to this endpoint, your Cliq component can promptly receive and process notifications from external sources. 

      https://cliq.zoho.com/api/v2/bots/{$bot-unique-name}/incoming?zapikey={paste_webhook_token_here}
    • Bot Message Endpoint: The Bot Message Endpoint can be used to send messages to the bot.

      https://cliq.zoho.com/api/v2/bots/{$bot-unique-name}/message?zapikey={paste_webhook_token_here}
  • Extensions: If you have a Cliq Extension and wish to subscribe to events from a third-party application, the Extension Incoming Webhook Endpoint is the solution. By integrating with this endpoint, your extension can efficiently stay updated with relevant data. Extension webhook URLs have two endpoints:
    • Sandbox endpoint: This endpoint is used during development so that the developer can test the extension before publishing it on the marketplace.

      https://cliq.zoho.com/api/v2/applications/{$app-id}/incoming?appkey={$appkey}&zapikey={paste_webhook_token_here}
    • Marketplace endpoint: This endpoint is used for the published version of the extension.

      https://cliq.zoho.com/api/v2/applications/{$app-id}/incoming?appkey={$appkey}&zapikey={paste_webhook_token_here}
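
Each endpoint above carries the Webhook Token (and, for extensions, the appkey) in the URL query string, so anything that logs full request URLs also records the secret. The following Python helper is an added example, not Zoho's code: it builds the four URL shapes listed above and masks `zapikey` and `appkey` before a line is written to a log. The function names and sample values are assumptions.

```python
import re
from urllib.parse import quote, urlencode

BASE = "https://cliq.zoho.com/api/v2"  # host and paths as listed on this page

# Path templates for the endpoints described above (dictionary keys are hypothetical names).
PATHS = {
    "channel_message": "channelsbyname/{}/message",
    "bot_incoming": "bots/{}/incoming",
    "bot_message": "bots/{}/message",
    "extension_incoming": "applications/{}/incoming",
}

def webhook_url(module, name, token, appkey=None):
    """Build an endpoint URL; every variable part is URL-encoded."""
    if module not in PATHS:
        raise ValueError(f"unknown module: {module!r}")
    if not token:
        raise ValueError("webhook token is required")
    params = {}
    if module == "extension_incoming":
        if not appkey:
            raise ValueError("extension endpoints also need an appkey")
        params["appkey"] = appkey
    params["zapikey"] = token
    path = PATHS[module].format(quote(name, safe=""))
    return f"{BASE}/{path}?{urlencode(params)}"

# Matches zapikey=/appkey= values up to the next delimiter; key names are case-insensitive.
_SECRET = re.compile(r"(?i)\b(zapikey|appkey)=([^&#\s\"']+)")

def redact(text):
    """Mask webhook secrets in a URL or log line, keeping the last 4 characters for correlation."""
    def mask(match):
        value = match.group(2)
        tail = value[-4:] if len(value) > 8 else ""  # short values are masked entirely
        return f"{match.group(1)}=***{tail}"
    return _SECRET.sub(mask, text)

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url = webhook_url("extension_incoming", "1234",
                      "1001.constructedtoken0000abcd", appkey="constructed-appkey-9f3e")
    print(redact(f"POST {url} 200"))
```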

Two-Factor Authentication (2FA)

To ensure the security of your Webhook Tokens, Cliq implements Two-Factor Authentication (2FA) for accessing the Webhook Tokens module. This additional layer of security ensures that only authorized users can proceed to access, create, manage, and delete Webhook Tokens.


Accessing the Webhook Tokens Module

Webhook Tokens are listed under the Bots & Tools section along with all the other internal tools. When you navigate to the Webhook Tokens module, you will be required to authenticate using 2FA: verify your identity and click Continue. Once authenticated, you can create, edit, and manage your Webhook Tokens as needed.


ⓘ  Note: The 2FA session for Webhook Tokens expires after 15 minutes. You'll need to re-authenticate using your 2FA method if the session times out.

By implementing 2FA for Webhook Tokens, Cliq ensures that only authorized users can access and manage these critical authentication keys. This additional security measure helps protect your integrations from potential threats and unauthorized access, providing you with peace of mind when working with third-party applications and services.

Managing Webhook Tokens

In the Webhook Tokens module, click on Generate New Token to create a Webhook Token. All your Webhook Tokens will be listed under Generated Tokens. Details about each token are displayed here, such as its name, the token's unique ID, the number of invocations, the last time it was invoked, and its status.

Note: You can only generate a maximum of 5 tokens at any specific time.

You can rename your webhook tokens by clicking on the name of the token.

You can also copy the tokens by clicking on the Copy to clipboard button that appears when you hover over them. The webhook token page also shows the number of invocations and the last invoked time of the webhook. You can disable a token by clicking on its toggle switch under Status; any authentication that uses this token will not work until it is activated again. You also have the option to delete a token here.

Note: Deleting an active webhook token used in an integration will cause that integration to fail. Make sure to replace a deleted webhook token with a new one for any existing integrations.

On clicking a token, you can view its usage history. You also have the option to get a webhook URL directly from here by clicking on the "Get Webhook URL" button. On doing so, you get a popup where you can choose a module (channels, bots and extensions). The available options update depending on the chosen module, and you get the endpoints based on the option you choose.