Webhooks allow third parties to subscribe to real-time events that occur in Olo’s system by providing an HTTPS endpoint that Olo will deliver event details to via HTTP POST. This self-service feature enables brands to create and manage their own webhooks and events for in-house or development partner recipients.
- If the Developer Tools section is missing, Dashboard users will need to check that they have Brand Manager and Developer Tools permissions, as well as Two Factor Authentication, enabled.
- Create only one Webhook per each combination of the following:
- Brand Channel
- Development Partner
- For example: Channel “X” can have a webhook in Production with Partner “Y” and a webhook in Production for internal use. They cannot have two webhooks for Partner “Y” in Production.
- Do add event subscriptions to existing webhooks instead of creating brand new webhooks for those new subscriptions.
- Do create a webhook specifically selecting only the events that a third party will need. If not sure please consult with your CSM.
- Do not select every event when creating a webhook due to uncertainty about what they do. If not sure please consult with your CSM.
- Do not create different Destination URLs for different event types -- all event types must be self-contained to a single Destination URL.
- Do not create subscriptions to the same set of events being sent to different Destination URLs, effectively forcing Olo’s system to send out duplicate events to the same partner.
Creating a Webhook
Access Dev Tools and then Webhooks and click on Add Webhook
Enter a unique webhook name with the developer partner’s name in parenthesis, for example: My Favorite Webhook(Google) and provide a valid Destination URL. If the development is in house then use the naming convention My Favorite Webhook(In-house). The URL will need to pass the TEST step so that the webhook can be published. A 64 character Shared Secret will be provided for you although you may also provide your own.
If you wish to enable OAuth you will be required to provide an Authorization URL, Client ID, and Client Secret to verify the authorization before you may publish the webhook. The Authorization Scope is an optional field should you wish to utilize it.
Select the event types which you would like to have sent to the destination URL receive, selecting only those which are required.
NOTE: Event types that include personally identifiable information will be denoted with a red triangle.
Once you are ready to publish, first Test the webhook to ensure that there are no issues sending and receiving. After receiving confirmation you will be able to publish.
On the main Webhooks page, you will be able to select the individual webhook you would like to edit or view logs for (most recent 10 events). Multiple webhooks can be deleted at one time.
NOTE: Only one webhook for each Development Partner is allowed; all events for that partner should be managed from the same webhook record.
When retrieving a webhook, the shared secret will be masked. If you would like to change the shared secret you will need to provide a new 64 character shared secret before publishing.
For each action taken on a webhook, an email notification will be sent to the users making the change. This is provided as an extra layer of security and auditing.