Workflow Actions

When an event occurs and the configured rules are matched, SalesIQ Workflows can trigger one of two action types:

Deluge Scripts

Deluge (Data Enriched Language for the Universal Grid Environment) is Zoho's in-house scripting language. It's designed to be simple, flexible, and powerful, with a drag-and-drop script builder that makes it easy to automate logic without writing complex code.

Deluge is ideal for:

  • Performing conditional logic
  • Triggering actions across Zoho apps (like CRM, Desk, Campaigns)
  • Calling external APIs for third-party integrations

Connection Interface

  • Deluge also offers a connection interface that makes it easier to securely connect with third-party services. You can authenticate and reuse API credentials (OAuth tokens, API keys, etc.) directly in your scripts, making integrations more secure and maintainable.

Working

Once an event occurs and its rules are matched, the associated Deluge script is executed. You can access event details through the built-in entity object.

Example: If a chat is rated as sad, you can use the conversation.rated event to automatically create a ticket in Zoho Desk or send an alert in Zoho Cliq using a Deluge script.

To get the visitor's name and rating from the event payload:

Copiedvisitor_name = entity.get("visitor").get("name");
visitor_rating = entity.get("rating");

You can retrieve any data sent with the event using this approach. The entity object holds the full payload structure.

Webhooks

Webhooks let you send real-time event data to external systems. Instead of polling an API repeatedly to check if something happened, the server (SalesIQ) sends a POST request to your specified URL as soon as the event occurs and rules match.

Webhooks are ideal for:

  • Real-time notifications
  • No polling required
  • Perfect for triggering automations in third-party tools (e.g., Slack, CRMs, ticketing systems)

Example: If a chat is rated sad, a webhook can notify your support team via Slack or create a task in your helpdesk tool.

Setup & Security

You can manage webhooks through the SalesIQ REST API.

Trusted Source Validation (Signature Verification)

Every webhook event triggered by SalesIQ is signed using the RSA Cryptosystem to ensure the integrity and authenticity of the payload.

Signature details

  • Algorithm: SHA256 with RSA
  • Encoding: Base64
  • Charset: UTF-8
  • Header: "x-siqsignature"

This signature allows your server to verify that the data received genuinely came from SalesIQ.

Working

SalesIQ generates a public/private key pair. You store the public key on your server.

  • SalesIQ generates a public/private key pair.
  • You store the public key on your server.
  • When your webhook receives a request, you:
    • Extract the x-siqsignature from the headers
    • Use the public key to verify the signature against the payload
  • If valid, you can trust the data source.

Signature header format

Copied{
  x-siqsignature: $signature
}

Webhook API endpoints

Key actionsEndpointMethodScope
Generate Public Key/api/v2/{screenname}/webhooks/{id}/keysPOSTSalesIQ.webhooks.CREATE
Delete Public Key/api/v2/{screenname}/webhooks/{id}/keys/{keyid}DELETESalesIQ.webhooks.DELETE

 

Secure Webhook Setup (Payload Structure)

To enable webhook security, you must set the secured flag to true when creating the webhook.

Example payload:

Copied{
  "webhook": {
    "url": "https://your-endpoint.com",
    "secured": true
  },
  "published": true
}

This setup ensures that SalesIQ signs the data and your system validates it before processing.

Note:

  • Auto-retry count: 3 attempts, retried every 1 minute.
  • Timeout per webhook execution: 5 seconds.
  • Error log retention period: 60 days.