When you want your app to be notified when new data enters Qualtrics Social Connect, you can use our Automation Recipes.
Go to your account's settings and locate "Automation Recipes" in the sidebar. When you create a new recipe, one of the available actions will be "Trigger A Webhook".

Our clients use these Automation Recipe Webhooks for a variety of use cases;

• Be notified immediately when new data comes in, so your own app doesn't need to do expensive periodic polling for new data.
• Use the webhooks to trigger actions in external systems, e.g. using Zapier to translate webhooks to:
  • Triggering an email
  • Creating a case in Salesforce
  • ...

Read more about Automation Recipes and Webhooks in our Support Articles.

Webhook Verification

By default webhook requests aren't signed. However, as an extra security measure we can support HMAC-signing of these webhooks. Contact your CSM with and provide them your API client_id as well as a list of the Automation Recipes you want this enabled for.

Once enabled, HMAC-signatures of the webhooks can be verified as follows:

• Signatures will only be added if the Webhook HTTP method is set to POST.
• The signature is computed on the BODY of the POST request.
• To compute the signature we use the client_secret configured for a certain API Application (client_id). To see the client_secret associated with a certain client_id, the owner of the API Application can go use the Developer Portal.

• The method used for computing the signature is (in php):

                      $signature = base64_encode(
      hash_hmac(
          'sha256',
          $webhookBody,
          $clientSecret,
          true
      )
  );
                  

• The resulting signature will be added to the HTTP Request Headers as x-signature: $signature.