Webhooks in Kiteform
Webhooks allow you to instantly send information to another app or URL whenever a trigger event occurs, such as a Kiteform submission. This real-time notification enables you to create automated workflows and take action based on form entries.
Webhooks are available for all Kiteform users at no extra cost.
Looking for a Simpler Integration?
If you prefer a non-technical way to connect Kiteform submissions with other apps, explore our integration with Zapier.
How Webhooks Work
Webhooks notify a specified URL when an event occurs, such as a new form submission. When someone submits a Kiteform, the response data is sent to your URL in JSON format via a POST request.
Adding a Webhook
- Publish your form and navigate to the Integrations tab.
- Click Connect to Webhooks.
- Configure your webhook endpoint.
Endpoint URL Requirements:
- Must handle POST requests with a JSON payload.
- Should return a successful status code (2XX) within 10 seconds.
If your endpoint processing exceeds the 10-second limit, consider calling another internal service to handle the processing, allowing your endpoint to quickly respond with a success status code.
Adding Custom HTTP Headers
You have the option to configure custom HTTP headers to be sent with each webhook request. Simply click Add HTTP Headers and input the header name and value.
Securing Your Webhook with a Signing Secret
Secure your webhook requests by enabling a signing secret, which verifies that the request originated from Kiteform. When enabled, webhook requests will include a Kiteform-Signature header, containing a SHA256 cryptographic hash of the webhook payload.
Example Implementation in Python Flask:
from flask import Flask, request, jsonify
import hmac
import hashlib
import base64
app = Flask(__name__)
# Replace 'YOUR_SIGNING_SECRET' with your actual signing secret
your_signing_secret = 'YOUR_SIGNING_SECRET'
@app.route('/webhook', methods=['POST'])
def webhook():
# Get the webhook payload and signature from headers
webhook_payload = request.get_data()
received_signature = request.headers.get('Kiteform-Signature')
# Calculate the signature using the signing secret and payload
calculated_signature = base64.b64encode(
hmac.new(
your_signing_secret.encode(),
webhook_payload,
hashlib.sha256
).digest()
).decode()
# Compare received and calculated signatures
if received_signature == calculated_signature:
return 'Webhook received and processed successfully.', 200
else:
return 'Invalid signature.', 401
if __name__ == '__main__':
app.run(port=3000, debug=True)Handling Webhook Failures and Retry Logic
If a webhook endpoint does not return a successful status code (2XX) within 10 seconds, Kiteform will automatically retry the delivery according to the following schedule:
- 1st Retry: 5 minutes after the initial attempt.
- 2nd Retry: 30 minutes after the first retry fails.
- 3rd Retry: 1 hour after the second retry fails.
- 4th Retry: 6 hours after the third retry fails.
- 5th Retry: 1 day after the fourth retry fails.
If none of the five retries succeed and no successful response is received, the webhook will be automatically disabled.
Managing Webhooks
You can view all active webhook URLs in your form's integrations tab. You have the flexibility to connect multiple webhook URLs and can pause any of them by toggling the switch.
You can edit or delete your webhook using action button.