Webhooks allow third parties to subscribe to real-time events that occur in Olo’s system by providing an HTTPS endpoint that Olo will deliver event details to via HTTP POST. This self-service feature enables brands to create and manage their own webhooks and events for in-house or development partner recipients.
In order to successfully test a webhook before publishing in Dev Tools, the receiving party must have a listener URL ready to receive and successfully respond to the Test Event. Developers can consult Olo Developer Portal Webhook documentation for additional detail on the Test Event.
- If the Developer Tools section is missing, Dashboard users should check that they have Brand Manager and Developer Tools permissions, as well as Two Factor Authentication enabled in Dashboard Account Settings.
- If you are the Brand Administrator role and do not see the Developer Tools permission please reach out to the Olo support team.
- To consult on what webhook events might best serve your use case please contact your Olo brand contact.
- For any technical questions related to webhooks API integrations please contact email@example.com
- Create only one Webhook per each combination of the following:
- Brand Channel
- Development Partner
- For example: Channel “X” can have a webhook in Production with Partner “Y” and a webhook in Production for internal use. They cannot have two webhooks for Partner “Y” in Production.
- Do add event subscriptions to existing webhooks instead of creating brand new webhooks for those new subscriptions.
- Do create a webhook specifically selecting only the events that a third party will need. If not sure please consult with your CSM.
- Do not select every event when creating a webhook due to uncertainty about what they do. If not sure please consult with your CSM.
- Do not create different Destination URLs for different event types -- all event types must be self-contained to a single Destination URL.
- Do not create subscriptions to the same set of events being sent to different Destination URLs, effectively forcing Olo’s system to send out duplicate events to the same partner.
Creating a Webhook
Access Dev Tools and then Webhooks and click on Add Webhook
Enter a unique webhook name with the developer partner’s name in parenthesis, for example: My Favorite Webhook(Google) and provide a valid Destination URL. If the development is in house then use the naming convention My Favorite Webhook(In-house). The URL will need to pass the TEST step so that the webhook can be published. A 64 character Shared Secret will be provided for you although you may also provide your own. You will need to copy this Shared Secret to provide to your development team so that they recognize the webhook as coming from Olo.
If you wish to enable OAuth you will be required to provide an Authorization URL, Client ID, and Client Secret to verify the authorization before you may publish the webhook. The Authorization Scope is an optional field should you wish to utilize it.
Select the event types which you would like to have sent to the destination URL receive, selecting only those which are required.
NOTE: Event types that include personally identifiable information will be denoted with a red triangle.
Once you are ready to publish, first Test the webhook to ensure that there are no issues sending and receiving. After receiving confirmation you will be able to publish.
On the main Webhooks page, using the checkbox you are able to select the individual webhook you would like to edit. Once you select the webhook the edit and delete buttons will appear. Multiple webhooks can be selected and deleted at one time.
NOTE: Only one webhook for each Development Partner is allowed; all events for that partner should be managed from the same webhook record.
When retrieving a webhook, the shared secret will be masked. If you would like to change the shared secret you will need to provide a new 64 character shared secret before publishing.
For each action taken on a webhook, an email notification will be sent to the users making the change. This is provided as an extra layer of security and auditing.