Skip to main content
Webhooks let you push Boltcall event data to external systems the moment something happens. Every time a trigger event fires, Boltcall sends an HTTP POST request with a JSON payload to the URL you specify. Use webhooks to connect Boltcall to Zapier, Make.com, your own server, or any system that accepts HTTP requests. To manage webhooks, go to Dashboard → Integrations → Webhooks.

Trigger events

EventValueWhen it fires
New leadnew_leadA new lead is captured by your AI receptionist
Missed callmissed_callA call comes in but is not answered
Appointment bookedappointment_bookedAn appointment is confirmed
Call completedcall_completedA call ends
Review receivedreview_receivedA new review comes in via Google Business Profile

Create a webhook

1

Open the Webhooks tab

Go to Dashboard → Integrations → Webhooks and click Create Webhook.
2

Name your webhook

Enter an optional name to identify this webhook (e.g. “Zapier Lead Notification”). This is for your reference only.
3

Choose a trigger event

Select the event that should fire this webhook from the dropdown. Each webhook is tied to one event.
4

Enter your endpoint URL

Paste the URL that should receive the POST request (e.g. your Zapier Catch Hook URL or your own server endpoint).
5

Save

Click Create Webhook. The webhook is active immediately.
Before saving, click Preview payload to see the exact JSON your endpoint will receive for the selected trigger event.

Example payloads

{
  "event": "new_lead",
  "timestamp": "2025-03-20T10:00:00Z",
  "data": {
    "id": "lead_001",
    "name": "Jane Smith",
    "phone": "+1555123456",
    "email": "jane@example.com",
    "source": "missed_call",
    "agent_id": "agent_abc123"
  }
}

Webhook security

Each webhook has a signing secret generated automatically when you create it. Boltcall includes an HMAC-SHA256 signature in the X-Boltcall-Signature header of every request. You should verify this signature on your server to confirm the request genuinely came from Boltcall. 
const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');

  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

// Express example
app.post('/webhook', express.raw({ type: 'application/json' }), (req, res) => {
  const signature = req.headers['x-boltcall-signature'];
  const isValid = verifyWebhookSignature(req.body, signature, process.env.WEBHOOK_SECRET);

  if (!isValid) {
    return res.status(401).send('Invalid signature');
  }

  const event = JSON.parse(req.body);
  console.log('Received event:', event.event);

  res.status(200).send('OK');
});
To find your signing secret, go to Dashboard → Integrations → Webhooks, expand a webhook row, and click the copy icon next to Signing Secret.
Treat your signing secret like a password. Do not expose it in client-side code or commit it to version control.

Testing a webhook

Each webhook has a play button in its row. Clicking it sends a sample payload to your endpoint immediately, without waiting for a real event. After a test fires, expand the webhook row to see the result in the Event Log — including the HTTP status code, response body, and response time in milliseconds.
The event log shows the last 100 delivery attempts per webhook, including both test events and live events.

Pausing and deleting

To temporarily stop a webhook from firing, click the toggle icon in its row to pause it. Click again to reactivate. To permanently remove a webhook, click the trash icon in its row. Deletion is immediate and cannot be undone.

Retries

Boltcall does not automatically retry failed webhook deliveries. If your endpoint returns a non-2xx status code, the delivery is logged as failed in the event log. Use the test/replay feature to manually re-send a payload to your endpoint after resolving the issue.