Webhooks
Echtzeit-Benachrichtigungen fรผr eingehende SMS-, WhatsApp- und E-Mail-Nachrichten.
รberblick
RCSZilla kann HTTP-POST-Anfragen an Ihren Server senden, wenn bestimmte Ereignisse auftreten. So kรถnnen Sie Echtzeit-Integrationen ohne Polling erstellen.
| Feld | Beschreibung | Configured in |
|---|---|---|
incoming_sms | A new SMS message was received by your Android device. | Devices → Control → Webhooks tab |
incoming_whatsapp | A new WhatsApp message was received by your Android device. | Devices → Control → Webhooks tab |
incoming_email | A new email arrived in an IMAP inbox linked to your SMTP server. | Email Servers → Edit → Incoming Email (IMAP) section |
test | A test event sent manually from the UI. | Same as above |
Einrichtung
Incoming SMS / WhatsApp Webhook
- Go to Devices and click the control icon for your device.
- Open the Webhooks tab.
- Enter your endpoint URL (must accept POST, return 2xx within 10 seconds).
- Optionally set a Webhook Secret for HMAC signature verification.
- Click Save, then Send Test Webhook to verify.
Incoming Email Webhook
- Go to Email Servers and edit (or add) a server.
- Expand the Incoming Email (IMAP) section.
- Enable IMAP polling and fill in the IMAP host, port, encryption, and credentials.
- Enter a webhook URL and optional secret.
- Save. A cron job checks for new emails every 2 minutes.
Anfrageformat
Header
| Header | Beschreibung |
|---|---|
Content-Type | application/json |
User-Agent | RCSZilla-Webhook/1.0 |
X-RCSZilla-Event | Event type: incoming_sms, incoming_whatsapp, incoming_email, or test |
X-RCSZilla-Delivery | Unique delivery ID (use for deduplication) |
X-RCSZilla-Signature | sha256=<hex-hmac> — only present if you set a webhook secret. The HMAC is computed over the raw JSON body using SHA-256. |
incoming_sms / incoming_whatsapp
Fired when the Android app calls submit_reply with a new message.
JSON
{
"event": "incoming_sms",
"timestamp": "2026-05-27T14:30:00Z",
"data": {
"id": 209,
"from": "+40712345678",
"message": "Yes, I want to book an appointment",
"channel": "sms",
"device_id": 6,
"contact": {
"id": 42,
"name": "John Doe",
"phone": "+40712345678"
},
"auto_reply": "Thanks! We will get back to you shortly."
}
}
Feld
| Feld | Typ | Beschreibung |
|---|---|---|
event | string | incoming_sms or incoming_whatsapp |
timestamp | string | ISO 8601 UTC timestamp |
data.id | int | ID of the stored incoming message |
data.from | string | Sender phone number |
data.message | string | Message text |
data.channel | string | sms or whatsapp |
data.device_id | int | Device that received the message |
data.contact | object|null | Matched contact (id, name, phone) or null if unknown sender |
data.auto_reply | string|null | Auto-reply text sent back, or null if no rule matched |
incoming_email
Fired when the IMAP cron finds a new email in the configured mailbox.
JSON
{
"event": "incoming_email",
"timestamp": "2026-05-27T14:30:00Z",
"data": {
"id": 310,
"from_email": "customer@example.com",
"from_name": "John Doe",
"to_email": "support@yourbusiness.com",
"subject": "Re: Your order #1234",
"body_text": "Hi, when will my order arrive?",
"received_at": "2026-05-27T14:28:00Z",
"smtp_server_id": 5
}
}
Feld
| Feld | Typ | Beschreibung |
|---|---|---|
data.id | int | ID of the stored email |
data.from_email | string | Sender email address |
data.from_name | string | Sender display name |
data.to_email | string | Recipient (your mailbox) |
data.subject | string | Email subject line |
data.body_text | string | Plain-text body (first 2000 chars) |
data.received_at | string | Original receive timestamp |
data.smtp_server_id | int | Which SMTP/IMAP server received this |
Signaturverifizierung
If you configure a webhook secret, each delivery includes an X-RCSZilla-Signature header. Verify it like this:
PHP
<?php
$payload = file_get_contents('php://input');
$secret = 'whsec_your_secret_here';
$header = $_SERVER['HTTP_X_RCSZILLA_SIGNATURE'] ?? '';
$expected = 'sha256=' . hash_hmac('sha256', $payload, $secret);
if (!hash_equals($expected, $header)) {
http_response_code(401);
exit('Invalid signature');
}
$data = json_decode($payload, true);
// Process the event...
http_response_code(200);
echo json_encode(['ok' => true]);
Node.js
const crypto = require('crypto');
app.post('/webhook', (req, res) => {
const payload = JSON.stringify(req.body);
const secret = 'whsec_your_secret_here';
const sig = req.headers['x-rcszilla-signature'] || '';
const expected = 'sha256=' + crypto.createHmac('sha256', secret)
.update(payload).digest('hex');
if (sig !== expected) return res.status(401).send('Invalid signature');
const { event, data } = req.body;
console.log(`Received ${event}:`, data);
res.json({ ok: true });
});
Python
import hmac, hashlib, json
from flask import Flask, request, abort
app = Flask(__name__)
SECRET = 'whsec_your_secret_here'
@app.route('/webhook', methods=['POST'])
def webhook():
payload = request.get_data()
sig = request.headers.get('X-RCSZilla-Signature', '')
expected = 'sha256=' + hmac.new(
SECRET.encode(), payload, hashlib.sha256
).hexdigest()
if not hmac.compare_digest(sig, expected):
abort(401)
data = json.loads(payload)
print(f"Event: {data['event']}", data['data'])
return {'ok': True}
Wiederholungsrichtlinie
If your endpoint returns a non-2xx status code, times out (10 seconds), or is unreachable, the delivery is retried with exponential backoff:
| Attempt | Delay |
|---|---|
| 1st retry | 1 minute |
| 2nd retry | 5 minutes |
| 3rd retry | 30 minutes |
| 4th retry | 2 hours |
| 5th retry (final) | 12 hours |
After 5 failed attempts the webhook is marked as permanently failed. Successfully delivered webhooks are automatically cleaned up after 7 days. Failed deliveries are retained for 30 days.
Webhook-Zustellungen auflisten
Gibt eine paginierte Liste von Webhook-Zustellungen fรผr den authentifizierten Benutzer zurรผck, mit Statuszรคhlern und optionaler Filterung.
Abfrageparameter
| Feld | Typ | Beschreibung | |
|---|---|---|---|
status | string | optional | Nach Status filtern: pending, processing, sent oder failed. |
event_type | string | optional | Nach Ereignistyp filtern: incoming_sms, incoming_whatsapp, incoming_email oder test. |
limit | int | optional | Ergebnisse pro Seite (1โ100). Standard: 20. |
offset | int | optional | Paginierungs-Offset. Standard: 0. |
Beispielanfrage
cURL
curl "https://api.rcszilla.com/?endpoint=webhook_deliveries&status=pending&limit=10" \ -H "Authorization: Bearer YOUR-API-TOKEN"
Antwort
JSON
{
"success": true,
"total": 42,
"limit": 10,
"offset": 0,
"counts": {
"pending": 3,
"sent": 38,
"failed": 1
},
"deliveries": [
{
"id": 156,
"event_type": "incoming_sms",
"webhook_url": "https://your-server.com/hook",
"status": "pending",
"attempts": 0,
"max_attempts": 5,
"http_status": null,
"last_error": null,
"next_retry_at": "2026-05-27T14:31:00Z",
"created_at": "2026-05-27T14:30:05",
"last_attempt_at": null
}
]
}
Statuszรคhler
Das counts-Objekt bietet einen schnellen รberblick รผber alle Webhook-Zustรคnde, ohne jede Zustellung durchblรคttern zu mรผssen. Verwenden Sie es fรผr Dashboard-Widgets oder Gesundheitsprรผfungen.
| Feld | Beschreibung |
|---|---|
pending | In der Warteschlange, wartet auf nรคchsten Cron-Lauf oder Wiederholungsfenster. |
processing | Wird gerade vom Cron-Worker zugestellt. |
sent | Erfolgreich zugestellt (HTTP 2xx). Nach 7 Tagen automatisch bereinigt. |
failed | Alle Wiederholungsversuche erschรถpft. Nach 30 Tagen automatisch bereinigt. |
Webhook-Zustellung abrufen
Gibt eine einzelne Webhook-Zustellung nach ID zurรผck, einschlieรlich des vollstรคndigen Payloads, der an Ihren Endpunkt gesendet wurde (oder wird).
Abfrageparameter
| Feld | Typ | Beschreibung | |
|---|---|---|---|
id | int | erforderlich | Die Zustellungs-ID, die von webhook_deliveries zurรผckgegeben wird. |
Beispielanfrage
cURL
curl "https://api.rcszilla.com/?endpoint=webhook_delivery&id=156" \ -H "Authorization: Bearer YOUR-API-TOKEN"
Antwort
JSON
{
"success": true,
"delivery": {
"id": 156,
"event_type": "incoming_sms",
"webhook_url": "https://your-server.com/hook",
"payload": {
"event": "incoming_sms",
"timestamp": "2026-05-27T14:30:00Z",
"data": {
"id": 209,
"from": "+40712345678",
"message": "Yes, I want to book",
"channel": "sms",
"device_id": 6,
"contact": {
"id": 42,
"name": "John Doe",
"phone": "+40712345678"
},
"auto_reply": null
}
},
"status": "sent",
"attempts": 1,
"max_attempts": 5,
"http_status": 200,
"last_error": null,
"next_retry_at": null,
"created_at": "2026-05-27T14:30:05",
"last_attempt_at": "2026-05-27T14:30:08"
}
}
Verwenden Sie
webhook_deliveries?status=failed um defekte Endpunkte zu รผberwachen, oder status=pending um die Warteschlangentiefe zu prรผfen. Das counts-Feld in der Listenantwort ist ideal fรผr รberwachungs-Dashboards.n8n Integration
To receive webhooks in n8n:
- Add a Webhook node to your workflow and copy its URL.
- Paste that URL into the webhook URL field in {APP_NAME} (Devices → Webhooks or Email Servers → IMAP).
- Test to confirm n8n receives the event.
- Connect downstream nodes to process the data (e.g., send a Slack message, update a CRM, trigger a reply).
Cron-Einrichtung
Add these cron jobs to your server:
crontab
# Fire pending webhooks (every minute) * * * * * /usr/bin/php /path/to/send_sms/cron/process_webhook_queue.php # Poll IMAP inboxes for new emails (every 2 minutes) */2 * * * * /usr/bin/php /path/to/send_sms/cron/process_incoming_emails.php