Webhook Management

Webhooks

Overview

Webhooks allow you to receive real-time notifications about events during client interactions with Amigo. This guide explains how to set up, secure, and manage webhooks for your application.

Webhook Destinations

Your organization can configure up to 10 webhook destination URLs. For each destination, you can specify:

• Event types to receive

• Number of retry attempts for failed deliveries

Managing Webhook Destinations

Use these endpoints to manage your webhook destinations

Delivery Retries

If the initial webhook delivery fails, Amigo automatically retries with exponential backoff:

• Up to 4 additional retry attempts (configurable via retry_attempts)

• Retry intervals: 5, 10, 20, and 20 seconds

You can view all webhook delivery attempts from the past 30 days using the "Get webhook deliveries" endpoint.

Security

Webhook Signatures

Each webhook request includes a signature to verify its authenticity:

1. When creating a webhook destination, you'll receive a secret in the response

2. Store this secret securely - it's used to sign all webhook requests

3. When receiving a webhook, validate the signature to confirm it came from Amigo

Headers

All webhook requests include these headers:

Signature Verification

To verify a webhook:

1. Concatenate v1:{x-amigo-request-timestamp}:{webhook-body}

2. Compute HMAC-SHA256 using your secret

3. Compare with the x-amigo-request-signature header value

Secret Rotation

For enhanced security, rotate your webhook secret periodically:

1. Call the "Rotate the secret of a webhook destination" endpoint

2. You'll receive a new secret in the response

3. For 30 minutes after rotation, Amigo sends two signatures with each webhook:

   • One using the old secret

   • One using the new secret

4. This dual-signing period ends at the timestamp specified in dual_signing_stops_at

5. Update your verification logic to accept either signature during this transition period

This approach enables zero-downtime rotation of webhook secrets.

Types of Webhooks

Amigo supports the following webhook event types that your application can subscribe to:

conversation-post-processing-complete

This webhook is emitted when any post-processing analysis for a conversation has completed successfully. Post-processing operations run asynchronously after conversations conclude and perform various analytical functions.

Payload structure:

{
    // The webhook event type
    type: "conversation-post-processing-complete",
    
    // The specific post-processing operation that completed
    post_processing_type: "generate-tasks" | "generate-user-models" | "extract-memories" | "compute-metrics",
    
    // Unique identifier for the conversation that was analyzed
    conversation_id: string,
    
    // Your organization's unique identifier
    org_id: string
}

Post-processing types:

• generate-tasks: Analyzes completed conversations to identify actionable tasks based on conversation content and commitments made.

• generate-user-models: Updates the L2 user model by synthesizing insights from the conversation, enhancing future personalization and contextual awareness.

• extract-memories: Identifies and stores key information as structured memories in the L1 observations layer for future recall.

• compute-metrics: Calculates conversation performance metrics based on your configured evaluation criteria to measure effectiveness and quality.

These post-processing operations are part of Amigo's separation between live session systems (which handle real-time interactions) and post-processing systems (which perform deeper analysis after sessions conclude). For more information, see Live Session vs. Post-Processing.