Webhooks: Send Nudji Events to Zapier or Your Own Tools
Register an endpoint and Nudji POSTs every nudge as a signed JSON event — how to set it up, the payload shape, and how to verify the signature.
Webhooks let you pipe engagement into anything: every time a nudge fires, Nudji POSTs a signed JSON event to your endpoint. Wire it into Zapier, Make, a spreadsheet, your CRM, or a custom service.
Available on Pro plan and active trial users.
Setting Up an Endpoint
- Go to Settings → Notifications → Webhooks.
- Paste your endpoint URL. It must be HTTPS and publicly reachable (private, internal, and non-HTTPS addresses are rejected).
- Choose Add. Nudji shows a signing secret once — copy it now; you won't be able to see it again (to rotate, delete the endpoint and add it back).
- Click Test to send a sample
test.pingevent and confirm your receiver works.
You can register up to five endpoints, and enable, disable, or remove each one at any time.
The Payload
Each delivery is a POST with a JSON body:
{
"event": "nudge.first_open",
"created_at": "2026-07-08T10:00:00.000Z",
"proposal": { "id": "…", "title": "Acme Proposal", "client_name": "Acme" },
"nudge": {
"type": "first_open",
"message": "Acme opened your proposal",
"suggested_action": "Follow up now while it's fresh"
}
}
The event is nudge.<type> — one of first_open, reopened, high_intent, multi_viewer, deep_read, bounce, unopened, or went_silent. Test deliveries use test.ping.
These headers accompany every request:
| Header | Meaning |
|---|---|
X-Nudji-Event | The event name (e.g. nudge.first_open) |
X-Nudji-Timestamp | Unix seconds when the event was sent |
X-Nudji-Signature | sha256=<hex> — see below |
Verifying the Signature
The signature is an HMAC-SHA256 of `${timestamp}.${rawBody}` using your endpoint's secret. Recompute it and compare (constant-time), and reject requests whose timestamp is old to prevent replays:
import crypto from "crypto";
function verify(rawBody, headers, secret) {
const ts = headers["x-nudji-timestamp"];
const expected = "sha256=" + crypto.createHmac("sha256", secret)
.update(`${ts}.${rawBody}`).digest("hex");
const sig = headers["x-nudji-signature"];
// reject if older than ~5 minutes
if (Math.abs(Date.now() / 1000 - Number(ts)) > 300) return false;
return crypto.timingSafeEqual(Buffer.from(sig), Buffer.from(expected));
}
Quiet Hours
Webhooks are a data feed, not a human notification — they fire for every event, including during your quiet hours (unlike email, Slack, and browser push). This keeps integrations and syncs complete. If you only want off-hours events handled differently, add that filtering in your own integration.
Plan Considerations
- Downgrade from Pro: deliveries pause. Your endpoints stay saved and resume automatically if you upgrade again. You can remove them at any time.
- Upgrade to Pro: add an endpoint and events start flowing immediately.
Still have questions?
We're happy to help. Drop us a line and we'll get back to you within 24 hours.