Using Productive's open API you can create custom integrations with various other apps. To automate that process, you can use webhooks.

With webhooks, instead of fetching data manually, you can subscribe to certain events when triggered. 

For example, you can notify your application when you create a deal, delete an invoice or update a time entry. 

Adding a Webhook

For the initial setup, go to Settings > Webhooks

Next, click on Add Webhook:

Data will be pushed to the desired destination you can enter in Target URL.

Add the name of the integration and select an event to trigger it under Fire After Event:

Click on Add Webhook to create the integration.

In the same menu, you can check the number of created webhooks. You can also edit and delete the webhook, or check its status by clicking on the name. 

Webhooks Retry  

For all webhook executions which do not respond with status code 2xx, the webhook will retry with 25 more executions for the next 48 hours. 

If three sequential events are unsuccessful, the integration will be deactivated. 

To learn more, visit our Developer Site

Webhooks list

The following webhooks are currently available in Productive:

  • Booking created

  • Booking deleted

  • Booking edited

  • Budget created

  • Budget deleted

  • Budget edited

  • Company archived

  • Company created

  • Company updated

  • Deal created

  • Deal deleted

  • Deal updated

  • Expense created

  • Expense deleted

  • Expense updated

  • Invoice created

  • Invoice deleted

  • Invoice updated

  • Payment created

  • Payment deleted

  • Payment updated

  • Person archived

  • Person created

  • Person updated

  • Project created

  • Project deleted

  • Project updated

  • Task created

  • Task deleted

  • Task updated

  • Time entry created

  • Time entry deleted

  • Time entry updated

Security and verification

Our webhooks use a signature in the webhook header for verification. In headers under 'Productive-Signature' you can find timestamp (in seconds) as a string prefixed with "t=" and signature prefixed with "s=". For example:

t=1629793288,s=280f5edcdb917262c25ec0e58944a97a0420cb4bac7e7eab0e8553b265772d2e

The signature is an HMAC with the SHA256 hash function. To verify the signature you should compute HMAC with webhook secret and string that is created concatenating:

  • the timestamp (in seconds as a string)

  • the character .

  • the JSON payload (the request body) of the webhook

Then compare the signature in the header with the generated signature. When they match, the webhook is verified.

You can find the webhooks secret in Productive under webhook logs in the top right corner of the screen:



Did this answer your question?