Using Productive's open API, you can easily create tailored integrations with a variety of other applications. Webhooks provide an automated solution to help simplify this process.
Instead of manually retrieving data, webhooks allow you to subscribe to specific events that trigger actions. For example, you can notify your application when you create a deal, delete an invoice, or change a time entry.
Webhooks are available on the Ultimate subscription plan.
Adding a Webhook
1) For the initial setup, head over to Settings > Webhooks.
2) Next, click on "Add Webhook".
3) Data will be pushed to the desired destination you can enter in Target URL.
Add the name of the integration and select an event to trigger it under "Fire After Event".
Click on "Add Webhook" to create the integration.
Tip: In the same menu, you can check the number of created webhooks.
You can also edit and delete the webhook, or check its status by clicking on the name.
Webhooks Retry
If a webhook execution fails to respond with a status code 2xx, it will undergo 12 additional retry attempts over the next 48 hours.
In the event of three consecutive failures, you will receive a notification. After 12 unsuccessful attempts, the webhook will be deactivated. Retry attempts are made every 12 hours.
To learn more, visit our Developer Site.
Webhooks List
The following webhooks are currently available in Productive:
Booking created
Booking deleted
Booking edited
Budget created
Budget deleted
Budget edited
Company archived
Company created
Company updated
Deal created
Deal deleted
Deal updated
Expense created
Expense deleted
Expense updated
Invoice created
Invoice deleted
Invoice updated
Payment created
Payment deleted
Payment updated
Person archived
Person created
Person updated
Project created
Project deleted
Project updated
Task created
Task deleted
Task updated
Time entry created
Time entry deleted
Time entry updated
Testing the Webhook
After the webhook has been created, you can also test it by sending a sample webhook and see if everything is working as expected:
From the same menu, you can also add Custom headers that will contain additional information.
Security and Verification
Our webhooks utilize a signature in the webhook header for verification. Within the headers, under 'Productive-Signature', you'll find a timestamp (in seconds) as a string prefixed with "t=" and a signature prefixed with "s=".
Example:
t=1629793288
s=280f5edcdb917262c25ec0e58944a97a0420cb4bac7e7eab0e8553b265772d2e
The signature is computed using HMAC with the SHA256 hash function. To verify the signature, compute HMAC with the webhook secret and a string created by concatenating:
The timestamp (in seconds as a string)
A period character '.'
The JSON payload (the request body) of the webhook
Then, compare the signature in the header with the generated signature. When they match, the webhook is verified.
You can locate the webhook secret in Productive under webhook logs in the top right corner of the screen.
Important!
To speed up the process, logs for successfully sent webhooks are no longer displayed.
Given that the list can quickly grow in length, displaying too much data on-screen may degrade the user experience and possibly cause browser page unresponsiveness.
As a result, only logs for unsuccessfully sent webhooks will be displayed.
However, test webhooks will always be displayed because they are used for system testing.
Webhook Limits
It is possible to have a maximum of 25 active webhooks simultaneously. Currently, the same limit applies to Ultimate, Premium, and Enterprise plans.
Custom Permissions
For detailed control over who can manage webhooks, see our article on Managing Access to Webhook and Zapier Settings to set up appropriate permissions.