Inbound Webhook Receivers
These routes receive events from external systems and convert them into Linquid actions (conversions, notifications, automations, and data sync).Provider webhook routes
Stripe integration callbacks
POST /api/integrations/webhooks/stripe
Shopify callbacks
POST /api/integrations/webhooks/shopify
HubSpot callbacks
POST /api/integrations/webhooks/hubspot/:installationIdPOST /api/integrations/webhooks/hubspot
Slack callbacks
POST /api/integrations/webhooks/slack/eventsPOST /api/integrations/webhooks/slack/commandsPOST /api/integrations/webhooks/slack/notify/:installationId
Zapier automation endpoints
POST /api/integrations/webhooks/zapier/subscribeDELETE /api/integrations/webhooks/zapier/subscribe/:idGET /api/integrations/webhooks/zapier/sample/:eventGET /api/integrations/webhooks/zapier/perform-list/linksGET /api/integrations/webhooks/zapier/perform-list/campaignsGET /api/integrations/webhooks/zapier/eventsPOST /api/integrations/webhooks/zapier/test
Security model
- Provider receivers do not use dashboard session CSRF flow.
- Each provider route validates signatures/tokens using provider-specific mechanisms.
- Unknown or invalid installations/signatures are rejected before processing.
Processing behavior
- Handlers write idempotency/event logs where applicable.
- Successful processing can create conversion/customer side effects and downstream webhook publications.
- Failures are surfaced as provider callback errors and/or installation error state updates.