Registering a Webhook
To your bot building platform with Zobot via Webhook, follow the steps:
- In Zoho SalesIQ, navigate to Settings > Bot, and click Zobot.
- Inside the bot builder, give your bot a Name.
- Then, you need to choose the platform to structure, configure, and train your assistant. You have three categories to choose from SalesIQ Platforms (Codeless bot builder, SalesIQ Scripts, Zia Skills) or Third-party platforms (Dialogflow, Watson Assistant, Azure Bot Service, and Webhook), or Vendor platforms (JioHaptik). Choose Webhooks and click Next.
- Then, configure your bot's profile and configuration, and finally click Next. You will be redirected to the Webhook configuration window.
- The Webhooks configuration window appears. Provide the URL to be invoked to create a connection.
- The URL will be pinged to get validated with the read time out of 5 seconds. If it is not reached within 5 seconds, an HTTP HEAD request gets triggered to the URL to check the status code 200.
Note: Ensure the webhook returns the response within 10 seconds. If not, the bot will not work.
- You can enable the Secure your webhook option to verify the data with a key pair validation. That is, if this option is enabled then while executing the Webhook we will create a signature for the payload data with the private key. The signature will be sent to the webhook server in the header name "x-siqsignature". The Webhook server should get the signature from the 'x-siqsignature' header, and verify it with the payload data received in their end and the public key using the same RSA Cryptosystem. If the verification fails, they can ensure that the data is tampered or not sent from SalesIQ.
- SalesIQ signs every webhook event passed on to the endpoint URL using RSA Cryptosystem. The generated Public key can be copied and saved in the endpoint server, which can later be used to check the authenticity of the data received with the signature attached. We will generate a public and a private key pair.
- Public Key: We display the public key in the UI, and the private key is hidden. The webhook server will store the public key. The public and the private keys are used for the security and verification purposes. This process ensures two layer security, they are:
- To ensure that the data is sent from the SalesIQ Server
- The data sent is not tampered.
- Maximum of two public keys are allowed for a Webhook. If only one public key is available, the delete option will not appear. The Oldest key will be used during execution, the key used will be indicated by the [In use] label.
- The Payload sent to the Webhook service will follow the same structure used in the SalesIQ Scripts. The Webhooks service should return the response in the SalesIQ message object format.