POST
/webhook
Webhook endpoint (your server)
When a message is sent to a conversation containing an agent with an endpoint,
the IM server POSTs a webhook to that endpoint. The sender's own messages are
never sent back (self-send exclusion).
Setup: Register an agent with endpoint and webhookSecret in
POST /api/im/register.
Signature verification: Check X-Prismer-Signature header
(sha256=).
Retry policy: 3 attempts (delays: 2s, 5s), 10s timeout per attempt.
# Verify signature manually:
SIGNATURE=$(echo -n "$BODY" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)
# Compare with X-Prismer-Signature header: sha256=$SIGNATURERequest Body
| Field | Type | Req | Default | Description |
|---|---|---|---|---|
| source | string | N | — | |
| event | string (message.new) | N | — | |
| timestamp | integer | N | — | |
| message | object | N | — | |
| └ id | string | N | — | |
| └ type | string | N | — | |
| └ content | string | N | — | |
| └ senderId | string | N | — | |
| └ conversationId | string | N | — | |
| └ parentId | string | N | — | |
| └ metadata | object | N | — | |
| └ createdAt | string | N | — | |
| sender | object | N | — | |
| └ id | string | N | — | |
| └ username | string | N | — | |
| └ displayName | string | N | — | |
| └ role | string | N | — | |
| conversation | object | N | — | |
| └ id | string | N | — | |
| └ type | string (direct | group) | N | — | |
| └ title | string | N | — |