Skip to content

Generic webhook setup

import { Steps, Aside } from “@astrojs/starlight/components”;

The generic webhook connection works with any system that can POST JSON and sign with a shared secret. It uses 2mee’s own HMAC-SHA256 scheme — use it when there’s no built-in connector for your system.

  1. Create a generic connection. In Settings → Integrations → Connect → Generic webhook, 2mee gives you a unique inbound URL and a secret:

    https://hooks.2mee.com/v1/in/ik_… secret: whsec_… (shown once)
  2. Send signed events. POST the ingest envelope to that URL, signing the raw body with the secret. Build the three headers exactly as in inbound signing:

    POST https://hooks.2mee.com/v1/in/ik_…
    Content-Type: application/json
    webhook-id: msg_01HZX9...
    webhook-timestamp: 1718703600
    webhook-signature: v1,<base64 HMAC-SHA256 of "{id}.{timestamp}.{rawBody}">
    { "version": "1", "messageId": "msg_01HZX9...", "occurredAt": "2026-06-18T10:00:00Z",
    "eventType": "purchase_completed", "clientUserId": "user_8842",
    "attributes": { "email": "sam@example.com", "plan": "pro" } }
  3. Map fields. On the flow’s Start node (or the connection), map payload fields to visitor attributes so your flow conditions can read them.

  4. Test. Send one event and confirm the connection shows it received, returning 202.

  1. Register an endpoint. In Settings → Integrations, register an outbound endpoint: an HTTPS URL and the event types it should receive. 2mee returns a signing secret (shown once).

  2. Verify what we send. 2mee POSTs the outbound envelope signed with that secret. Verify the signature and timestamp before trusting the body — see the verification snippets.

  3. Send a test event. Use Send test event to POST a signed sample and see your endpoint’s response.

  4. Add a webhook action to your flow. In the editor, add a webhook action on the step that should notify you (commonly the goal).

Both inbound and outbound secrets rotate with a dual-accept window: during rotation, both the old and new secret are accepted, so callers and receivers never see a gap.

  1. In Settings → Integrations, open the connection or endpoint and choose Rotate secret. 2mee shows the new secret (once) and a window end time.
  2. Update the secret in your system (or your verifier) before the window ends.
  3. After the window, only the new secret is valid.
Was this page helpful? Tell us / report an issue ↗