Webhook events in MSP Manager
When you create a webhook, you select one or more event types. MSP Manager sends a webhook notification each time a selected event occurs.
Supported webhook event types
MSP Manager supports the following webhook events:
Ticket events
- Ticket created
- Ticket updated
- Ticket deleted
Ticket note events
- Ticket note added
- Ticket note updated
- Ticket note deleted
Ticket response events
- Ticket response added
- Ticket response updated
- Ticket response deleted
Ticket attachment events
- Ticket attachment added
- Ticket attachment deleted
If you select multiple event types, MSP Manager sends a separate notification for each event. The payload identifies the event type so the receiving system can respond appropriately.
Important MSP Manager event type details
The following details help clarify how MSP Manager classifies events and structures webhook payloads.
Ticket notes versus ticket responses
Ticket notes and ticket responses are stored in the same TicketResponse table but represent different content:
- Notes are internal comments and use TicketResponseTypeId = Note
- Responses are customer-facing messages, typically emails, and use TicketResponseTypeId = Email
MSP Manager determines whether to send a note or response event based on the TicketResponseTypeId during create or update operations.
Ticket attachment events
Ticket attachments support only added and deleted events. MSP Manager does not send an updated event for attachments.
Payload content by event type
The payload structure varies by event type:
- Ticket created, updated, and deleted events:
- Include Details, which contains the full ticket body with embedded base64 images
- Include the AdditionalFields array
- Ticket note and ticket response events:
- Include Description, which contains the note or response content with embedded base64 image
- Include the AdditionalFields array
- Do not include ticket Details
- Ticket attachment events:
- Include the AdditionalFields array only
- Do not include Details or Description
Entity ID values
- For ticket events, entityId equals the TicketId.
- For note, response, and attachment events, entityId equals the child entity ID, such as NoteId, ResponseId, or AttachmentId. The payload also includes the TicketId.
Embedded images
Ticket Details and note or response Description fields embed images as base64 data.
Signing secrets for webhook integrations
To ensure webhook requests are authentic and haven’t been altered in transit, you can use signing secrets in MSP Manager. A signing secret is a shared value used to confirm that a webhook request was sent by MSP Manager and was not altered in transit.
When MSP Manager sends a webhook and a secret is configured, it calculates a signature based on the request body and the shared secret. The signature is included in the request header as X-Webhook-Signature.
For more information, see Webhook security and signing secrets.
Signature calculation algorithm
- Algorithm: HMAC-SHA256
- Input:
- The exact JSON body string (payload), interpreted as UTF-8
- The webhook’s shared secret, interpreted as UTF-8
- Output: The computed HMAC is Base64-encoded (not hexadecimal)
Consumer verification:
Recompute HMACSHA256(secret_utf8, body_utf8) and compare Base64-decoded X-Webhook-Signature (or Base64-encode your computed hash and compare strings), using the raw request body byte-for-byte as signed.
Related topics