Webhook

Notifiche in tempo reale per messaggi SMS, WhatsApp ed Email in arrivo.

Panoramica

RCSZilla può inviare richieste HTTP POST al tuo server quando si verificano eventi specifici. Questo ti permette di creare integrazioni in tempo reale senza polling.

Campo	Descrizione	Configured in
`incoming_sms`	A new SMS message was received by your Android device.	Devices → Control → Webhooks tab
`incoming_whatsapp`	A new WhatsApp message was received by your Android device.	Devices → Control → Webhooks tab
`incoming_email`	A new email arrived in an IMAP inbox linked to your SMTP server.	Email Servers → Edit → Incoming Email (IMAP) section
`test`	A test event sent manually from the UI.	Same as above

Configurazione

Incoming SMS / WhatsApp Webhook

Go to Devices and click the control icon for your device.
Open the Webhooks tab.
Enter your endpoint URL (must accept POST, return 2xx within 10 seconds).
Optionally set a Webhook Secret for HMAC signature verification.
Click Save, then Send Test Webhook to verify.

Incoming Email Webhook

Go to Email Servers and edit (or add) a server.
Expand the Incoming Email (IMAP) section.
Enable IMAP polling and fill in the IMAP host, port, encryption, and credentials.
Enter a webhook URL and optional secret.
Save. A cron job checks for new emails every 2 minutes.

Formato della richiesta

Intestazioni

Header	Descrizione
`Content-Type`	`application/json`
`User-Agent`	`RCSZilla-Webhook/1.0`
`X-RCSZilla-Event`	Event type: `incoming_sms`, `incoming_whatsapp`, `incoming_email`, or `test`
`X-RCSZilla-Delivery`	Unique delivery ID (use for deduplication)
`X-RCSZilla-Signature`	`sha256=<hex-hmac>` — only present if you set a webhook secret. The HMAC is computed over the raw JSON body using SHA-256.

incoming_sms / incoming_whatsapp

Fired when the Android app calls submit_reply with a new message.

JSON

{
  "event": "incoming_sms",
  "timestamp": "2026-05-27T14:30:00Z",
  "data": {
    "id": 209,
    "from": "+40712345678",
    "message": "Yes, I want to book an appointment",
    "channel": "sms",
    "device_id": 6,
    "contact": {
      "id": 42,
      "name": "John Doe",
      "phone": "+40712345678"
    },
    "auto_reply": "Thanks! We will get back to you shortly."
  }
}

Campo

Campo	Tipo	Descrizione
`event`	string	`incoming_sms` or `incoming_whatsapp`
`timestamp`	string	ISO 8601 UTC timestamp
`data.id`	int	ID of the stored incoming message
`data.from`	string	Sender phone number
`data.message`	string	Message text
`data.channel`	string	`sms` or `whatsapp`
`data.device_id`	int	Device that received the message
`data.contact`	object\|null	Matched contact (id, name, phone) or null if unknown sender
`data.auto_reply`	string\|null	Auto-reply text sent back, or null if no rule matched

incoming_email

Fired when the IMAP cron finds a new email in the configured mailbox.

JSON

{
  "event": "incoming_email",
  "timestamp": "2026-05-27T14:30:00Z",
  "data": {
    "id": 310,
    "from_email": "customer@example.com",
    "from_name": "John Doe",
    "to_email": "support@yourbusiness.com",
    "subject": "Re: Your order #1234",
    "body_text": "Hi, when will my order arrive?",
    "received_at": "2026-05-27T14:28:00Z",
    "smtp_server_id": 5
  }
}

Campo

Campo	Tipo	Descrizione
`data.id`	int	ID of the stored email
`data.from_email`	string	Sender email address
`data.from_name`	string	Sender display name
`data.to_email`	string	Recipient (your mailbox)
`data.subject`	string	Email subject line
`data.body_text`	string	Plain-text body (first 2000 chars)
`data.received_at`	string	Original receive timestamp
`data.smtp_server_id`	int	Which SMTP/IMAP server received this

Verifica delle firme

If you configure a webhook secret, each delivery includes an X-RCSZilla-Signature header. Verify it like this:

PHP

<?php
$payload = file_get_contents('php://input');
$secret  = 'whsec_your_secret_here';

$header    = $_SERVER['HTTP_X_RCSZILLA_SIGNATURE'] ?? '';
$expected  = 'sha256=' . hash_hmac('sha256', $payload, $secret);

if (!hash_equals($expected, $header)) {
    http_response_code(401);
    exit('Invalid signature');
}

$data = json_decode($payload, true);
// Process the event...
http_response_code(200);
echo json_encode(['ok' => true]);

Node.js

const crypto = require('crypto');

app.post('/webhook', (req, res) => {
  const payload = JSON.stringify(req.body);
  const secret  = 'whsec_your_secret_here';
  const sig     = req.headers['x-rcszilla-signature'] || '';
  const expected = 'sha256=' + crypto.createHmac('sha256', secret)
                                      .update(payload).digest('hex');

  if (sig !== expected) return res.status(401).send('Invalid signature');

  const { event, data } = req.body;
  console.log(`Received ${event}:`, data);
  res.json({ ok: true });
});

Python

import hmac, hashlib, json
from flask import Flask, request, abort

app = Flask(__name__)
SECRET = 'whsec_your_secret_here'

@app.route('/webhook', methods=['POST'])
def webhook():
    payload = request.get_data()
    sig     = request.headers.get('X-RCSZilla-Signature', '')
    expected = 'sha256=' + hmac.new(
        SECRET.encode(), payload, hashlib.sha256
    ).hexdigest()

    if not hmac.compare_digest(sig, expected):
        abort(401)

    data = json.loads(payload)
    print(f"Event: {data['event']}", data['data'])
    return {'ok': True}

Politica di riprova

If your endpoint returns a non-2xx status code, times out (10 seconds), or is unreachable, the delivery is retried with exponential backoff:

Attempt	Delay
1st retry	1 minute
2nd retry	5 minutes
3rd retry	30 minutes
4th retry	2 hours
5th retry (final)	12 hours

After 5 failed attempts the webhook is marked as permanently failed. Successfully delivered webhooks are automatically cleaned up after 7 days. Failed deliveries are retained for 30 days.

Elenco consegne Webhook

GET /?endpoint=webhook_deliveries

Restituisce un elenco paginato di consegne webhook per l'utente autenticato, con contatori di stato e filtraggio opzionale.

Parametri di query

Campo	Tipo		Descrizione
`status`	string	opzionale	Filtra per stato: `pending`, `processing`, `sent` o `failed`.
`event_type`	string	opzionale	Filtra per tipo di evento: `incoming_sms`, `incoming_whatsapp`, `incoming_email` o `test`.
`limit`	int	opzionale	Risultati per pagina (1–100). Predefinito: 20.
`offset`	int	opzionale	Offset di paginazione. Predefinito: 0.

Esempio di richiesta

cURL

curl "https://api.rcszilla.com/?endpoint=webhook_deliveries&status=pending&limit=10" \
  -H "Authorization: Bearer YOUR-API-TOKEN"

Risposta

JSON

{
  "success": true,
  "total": 42,
  "limit": 10,
  "offset": 0,
  "counts": {
    "pending": 3,
    "sent": 38,
    "failed": 1
  },
  "deliveries": [
    {
      "id": 156,
      "event_type": "incoming_sms",
      "webhook_url": "https://your-server.com/hook",
      "status": "pending",
      "attempts": 0,
      "max_attempts": 5,
      "http_status": null,
      "last_error": null,
      "next_retry_at": "2026-05-27T14:31:00Z",
      "created_at": "2026-05-27T14:30:05",
      "last_attempt_at": null
    }
  ]
}

Contatori di stato

L'oggetto counts offre una panoramica rapida di tutti gli stati webhook senza sfogliare ogni consegna. Usalo per widget dashboard o controlli di salute.

Campo	Descrizione
`pending`	In coda, in attesa della prossima esecuzione cron o finestra di riprova.
`processing`	In corso di consegna dal worker cron.
`sent`	Consegnato con successo (HTTP 2xx). Pulito automaticamente dopo 7 giorni.
`failed`	Tutti i tentativi di riprova esauriti. Pulito automaticamente dopo 30 giorni.

Ottieni consegna Webhook

GET /?endpoint=webhook_delivery

Restituisce una singola consegna webhook per ID, includendo il payload completo che è stato (o sarà) inviato al tuo endpoint.

Parametri di query

Campo	Tipo		Descrizione
`id`	int	obbligatorio	L'ID di consegna restituito da `webhook_deliveries`.

Esempio di richiesta

cURL

curl "https://api.rcszilla.com/?endpoint=webhook_delivery&id=156" \
  -H "Authorization: Bearer YOUR-API-TOKEN"

Risposta

JSON

{
  "success": true,
  "delivery": {
    "id": 156,
    "event_type": "incoming_sms",
    "webhook_url": "https://your-server.com/hook",
    "payload": {
      "event": "incoming_sms",
      "timestamp": "2026-05-27T14:30:00Z",
      "data": {
        "id": 209,
        "from": "+40712345678",
        "message": "Yes, I want to book",
        "channel": "sms",
        "device_id": 6,
        "contact": {
          "id": 42,
          "name": "John Doe",
          "phone": "+40712345678"
        },
        "auto_reply": null
      }
    },
    "status": "sent",
    "attempts": 1,
    "max_attempts": 5,
    "http_status": 200,
    "last_error": null,
    "next_retry_at": null,
    "created_at": "2026-05-27T14:30:05",
    "last_attempt_at": "2026-05-27T14:30:08"
  }
}

Usa webhook_deliveries?status=failed per monitorare endpoint malfunzionanti, o status=pending per verificare la profondità della coda. Il campo counts nella risposta dell'elenco è ideale per dashboard di monitoraggio.

n8n Integration

To receive webhooks in n8n:

Add a Webhook node to your workflow and copy its URL.
Paste that URL into the webhook URL field in {APP_NAME} (Devices → Webhooks or Email Servers → IMAP).
Test to confirm n8n receives the event.
Connect downstream nodes to process the data (e.g., send a Slack message, update a CRM, trigger a reply).

Configurazione Cron

Add these cron jobs to your server:

crontab

# Fire pending webhooks (every minute)
* * * * * /usr/bin/php /path/to/send_sms/cron/process_webhook_queue.php

# Poll IMAP inboxes for new emails (every 2 minutes)
*/2 * * * * /usr/bin/php /path/to/send_sms/cron/process_incoming_emails.php