Create and manage webhooks

The webhook API lets you store webhook configurations inside Alga PSA itself. You can create outgoing webhook definitions, choose event types, configure security, and inspect delivery analytics and history.

Endpoints used in this guide

Minimal create payload

The main required fields are name, url, and at least one event_types entry. The schema also supports security settings, payload transformations, retry configuration, and optional rate limits.

curl -X POST "https://algapsa.com/api/v1/webhooks" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $ALGA_API_KEY" \
  -d '{
    "name": "Ticket notifications",
    "url": "https://example.com/webhooks/alga",
    "method": "POST",
    "event_types": ["ticket.created", "ticket.updated"],
    "payload_format": "json",
    "security": {
      "type": "hmac_signature",
      "secret": "replace-me",
      "algorithm": "sha256",
      "signature_header": "X-Signature"
    },
    "is_active": true,
    "verify_ssl": true
  }'

Pick event types intentionally

The schema includes ticket, project, client, contact, invoice, asset, system, and workflow-style event names. A practical pattern is to start with one or two event types and expand only after you have good downstream handling.

curl -X GET "https://algapsa.com/api/v1/webhooks/events" \
  -H "X-API-Key: $ALGA_API_KEY"

List and inspect configurations

curl -X GET "https://algapsa.com/api/v1/webhooks?page=1&limit=25" \
  -H "X-API-Key: $ALGA_API_KEY"

curl -X GET "https://algapsa.com/api/v1/webhooks/$WEBHOOK_ID" \
  -H "X-API-Key: $ALGA_API_KEY"

curl -X GET "https://algapsa.com/api/v1/webhooks/$WEBHOOK_ID/analytics" \
  -H "X-API-Key: $ALGA_API_KEY"

Design notes

• Choose a dedicated endpoint in your own system for each webhook stream rather than multiplexing unrelated events together.
• Use HMAC signatures when you can, because they make inbound verification much easier.
• Keep transformations small at first. It is easier to add fields later than to unwind a brittle template.