Permissions
Webhooks can be set up and configured by users with developer permissions on a per-deal basis. Users can see which the deals for which they have developer permissions on their Dashboard.

Please contact the DealMaker team to set up developer permissions for each of your deals.
Configuring Webhooks
To configure your webhooks, click on the dropdown menu in the top right corner and select "Integrations".
Here, you can configure DealMaker to send webhooks to a URL on your server. Below, we'll discuss the available controls here, and how they relate to configuring your server to receive webhook payloads from DealMaker.
Enable Webhooks
Toggle this switch to enable the delivery of webhooks to the provided Payload URL. In the event of recurring delivery failures, webhook delivery will be automatically disabled after 6 failed attempts.
Payload URL
HTTP POST requests will be sent to this URL from DealMaker. Ensure that your server is configured to receive webhook payloads at this URL. Ensure that your server is able to receive payloads at this URL, and respond with appropriate HTTP status codes.
Any HTTP status other than 200 OK returned from your server will be considered a delivery failure.
We strongly recommend using HTTPS endpoints on your server to avoid the security vulnerabilities associated with unencrypted web traffic.
Secret
Setting a webhook secret allows you to ensure that POST requests sent to the payload URL are from DealMaker. When you set a secret, you'll receive the X-DealMaker-Signature header in the webhook POST request. You can generate a new secret, clear the secret, and copy the secret to your clipboard.
You can set up an environment variable for your server containing the secret, which you can use to verify the webhook payload in your server-side code:
See Payload Verification with DealMaker for more details on request verification using the secret.
Leaving the Secret field blank will result in the X-DealMaker-Signature header not being included with webhook payloads sent to your server. We strongly recommend against leaving this field blank as other methods of verifying payload authenticity are considerably less reliable.
Alerts Email
This email will be used to deliver error notifications in case of a delivery failure. The field is populated with the signed in user's email by default, but any valid email address can be used.
Add Deals
Search and select deals to add them to the endpoint you are setting up. You may select from any of the deals on which you are a team member. Because you may create any number of endpoints, you may choose to direct different deals to different endpoints, in whichever combination suits your usage. Here you may remove deals from the endpoint as well.
Saving your Configuration
Once you are satisfied with your webhook configuration, click Save Changes to ensure it is applied. You can return to Integrations to change this configuration, or disable webhooks altogether, at any time.
Multiple Endpoints
It is now possible to set up multiple endpoints. This means you may divert different deals to different destinations, or direct all deals to one endpoint, or any combination thereof.
Edit Endpoint
You may edit your endpoints at any time by clicking "edit endpoint" and editing the fields, then clicking "Save Changes to Endpoint"
Payload Verification with DealMaker
X-DealMaker-Signature
header. The signature is created by using the SHA1 algorithm to calculate an HMAC hex digest of the payload's body, with the secret token you defined serving as the key. The final header value is formed by prepending the resulting hash with the string sha1=
.- Access the raw body of the incoming request.
- Retrieve the
X-DealMaker-Signature
from the request header. - Calculate your own HMAC hex digest using SHA1 with your secret token and the raw payload body.
- Prepend the string
sha1=
to your calculated hash value. - Compare your prefixed, calculated hash with the signature received in the header.
hash_equals
in PHP, secure_compare
in Ruby) to prevent timing attacks. If the hashes match, you can be confident the request is from DealMaker and process the data. If they don't, your server should return an HTTP error code.Consistency Across Languages
Example Header
X-DealMaker-Signature
header will contain a value that is a combination of the sha1=
prefix and the calculated hash. The following is an example of how the complete header would appear:f95709971933b91a27e7d32c589a17409f582312
is the 40-character SHA1 HMAC hex digest of the payload body. Your verification logic should calculate the same hash and then add the sha1=
prefix before performing the comparison.Documentation
Please refer to our Developer Documentation for the latest guidelines on using Webhooks. You'll find detailed instructions on how to seamlessly integrate them with your portal and other platforms!