When you register a webhook and activate it, Prelude will send you an activation challenge request.

This is a GET request to the webhook endpoint with the following query parameters:

  • event: The event type. It will be always activate.
  • verification_token: The verification token, you set when you registered the webhook.
  • challenge: A random integer.
  • app_id: The application ID of the webhook.

To ensure a secure integration, when you receive this request you should:

  1. Verify that the app_id is the one you’d expect.
  2. Verify that the verification_token is the one you set when you registered the webhook.
  3. Return a 200 OK response with the challenge integer in the response body.

The webhook will be activated only after the verification challenge request is successful. If the verification challenge request fails, the GET /v2/session/apps/{appID}/webhooks/{webhookID}/activate will fail with a 400 Bad Request error and the webhook will not be activated.

Once the webhook is activated, you will start directly receiving events from Prelude.

Activation challenge response

The activation challenge response is a JSON object with the following properties:

challenge
number
required

The challenge you received as a query parameter in the webhook request.

Example:

1234567890