Webhooks

Webhooks allow COMET to automatically send information or updates to other systems when specific events occur. They are a simple way for applications to “talk” to each other and keep data synchronized across platforms.

For example, you can use webhooks to notify an external system when a participant is confirmed for a course, or when another important event occurs in COMET.

Webhooks send automated messages to a predefined URL (endpoint) whenever a specific event occurs. Each message includes event details in a structured format (payload) so the receiving system can process it automatically.

Configuration

Webhooks can be configured in the Admin App under General → Integrations → Webhooks.

Here, administrators can view all existing webhook configurations and create new ones.

webhooks-20260123-113229.png

Webhooks List

In the Webhooks list view, you can see:

  • ID – unique identifier of the webhook

  • URL – the destination address where data will be sent

  • Description – short description of the webhook

  • Active – indicates if the webhook is currently enabled or disabled

Click Add to create a new webhook, or select an existing one to edit.

Manage Webhook

When managing a webhook, the configuration consists of several fields:

  • ID - autogenerated value

  • URL – required field where the event data will be published.

  • Description – an optional field to describe the purpose of the webhook.

  • Events – defines which event types will trigger the webhook (e.g., EventParticipant.confirm).

  • Active – toggle to enable or disable the webhook.

Once saved, COMET will automatically send a webhook to the defined URL whenever the selected event occurs.

Example

Suppose you define a webhook as follows:

  • URL: https://echo.zuplo.io/

  • Event: EventParticipant.confirm

  • Active: Yes

manage.png

This means that whenever a participant is confirmed on a course, whether via payment, direct approval, or a corrective status update, COMET will create a Webhook Request and send an event message to the specified URL.

Each event generates:

  • a Webhook Request (containing the event data), and

  • an Async Task, which ensures reliable delivery via COMET’s internal message queue.

Security

Webhook requests are digitally signed to verify that messages truly originate from COMET:

  • Each webhook request is signed using COMET’s private key.

  • The receiving system (a third party) verifies the signature using COMET’s public key.

  • If the signature is valid, the receiver can safely trust the message.

The public key can be accessed from: Admin App → General → Integrations → Webhooks.

The digital signature is generated from the HTTP request body and a timestamp.
Both the request signature and timestamp are included in the request header.

All key pairs are encrypted and securely stored in the database.