Skip to main content
Nudge Alerts

Webhooks: Send Nudji Events to Zapier or Your Own Tools

Register an endpoint and Nudji POSTs every nudge as a signed JSON event — how to set it up, the payload shape, and how to verify the signature.

Webhooks let you pipe engagement into anything: every time a nudge fires, Nudji POSTs a signed JSON event to your endpoint. Wire it into Zapier, Make, a spreadsheet, your CRM, or a custom service.

Available on Pro plan and active trial users.

Setting Up an Endpoint

  1. Go to Settings → Notifications → Webhooks.
  2. Paste your endpoint URL. It must be HTTPS and publicly reachable (private, internal, and non-HTTPS addresses are rejected).
  3. Choose Add. Nudji shows a signing secret once — copy it now; you won't be able to see it again (to rotate, delete the endpoint and add it back).
  4. Click Test to send a sample test.ping event and confirm your receiver works.

You can register up to five endpoints, and enable, disable, or remove each one at any time.

The Payload

Each delivery is a POST with a JSON body:

{
  "event": "nudge.first_open",
  "created_at": "2026-07-08T10:00:00.000Z",
  "proposal": { "id": "…", "title": "Acme Proposal", "client_name": "Acme" },
  "nudge": {
    "type": "first_open",
    "message": "Acme opened your proposal",
    "suggested_action": "Follow up now while it's fresh"
  }
}

The event is nudge.<type> — one of first_open, reopened, high_intent, multi_viewer, deep_read, bounce, unopened, or went_silent. Test deliveries use test.ping.

These headers accompany every request:

HeaderMeaning
X-Nudji-EventThe event name (e.g. nudge.first_open)
X-Nudji-TimestampUnix seconds when the event was sent
X-Nudji-Signaturesha256=<hex> — see below

Verifying the Signature

The signature is an HMAC-SHA256 of `${timestamp}.${rawBody}` using your endpoint's secret. Recompute it and compare (constant-time), and reject requests whose timestamp is old to prevent replays:

import crypto from "crypto";

function verify(rawBody, headers, secret) {
  const ts = headers["x-nudji-timestamp"];
  const expected = "sha256=" + crypto.createHmac("sha256", secret)
    .update(`${ts}.${rawBody}`).digest("hex");
  const sig = headers["x-nudji-signature"];
  // reject if older than ~5 minutes
  if (Math.abs(Date.now() / 1000 - Number(ts)) > 300) return false;
  return crypto.timingSafeEqual(Buffer.from(sig), Buffer.from(expected));
}

Quiet Hours

Webhooks are a data feed, not a human notification — they fire for every event, including during your quiet hours (unlike email, Slack, and browser push). This keeps integrations and syncs complete. If you only want off-hours events handled differently, add that filtering in your own integration.

Plan Considerations

  • Downgrade from Pro: deliveries pause. Your endpoints stay saved and resume automatically if you upgrade again. You can remove them at any time.
  • Upgrade to Pro: add an endpoint and events start flowing immediately.

Still have questions?

We're happy to help. Drop us a line and we'll get back to you within 24 hours.

Webhooks: Send Nudji Events to Zapier or Your Own Tools — Nudji