Overview
The collectAI webhooks allow you to integrate your system with the collectAI platform. We do support two types:
-
Event Webhooks notify your system about claim lifecycle changes. With this you can easily keep your data in sync with us. Alternatively you can also fetch these from the Events API.
-
Messaging Webhooks enable your system to take over the actual message sending. With this you can for example connect your own letter sending process to the collectAI platform.
Every configured webhook event will result in a POST request with a application/json content type being send to you.
The target URL for each type has to be configured in the collectAI system. Please reach out to our onboarding team to set these up for you.
We expect the target system to respond with a 200 or 201 status code. In case of network timeouts or non successful responses of the target system each webhook event will be retried 3 times with a waiting time of 30min each.
Security
Since your webhook receiving endpoint needs to publicly available for the collectAI platform to send updates to it, anybody could do this who knows your endpoint address. To make sure you are receiving valid data from collectAI only there are certain options available. Please reach out to our onboarding team to let them know how you want to secure your endpoints.
IP address filter
You could block requests from all, but collectAI's sending IP addresses.
Authentication header
You could add a Basic Authentication or a Bearer header to all requests collectAI makes.
Signature header
You could configure a pre-shared secret. With it we will create a HMAC SHA256 digest of the request body. The digest is passed in the CollectAI-Signature header. With the secret and the digest you can then validate the request by creating the digest on your side and comparing them to each other. If both are the same you can assume that it originated from collectAI and not tampered with.
Custom headers
You could add any kind of custom non-standard headers you would like.