Webhooks provide real-time callbacks to the server when device events happen in an ecosystem. They are also directly associated with the ecosystem they monitor. Webhooks can be configured through the developer portal or fully managed from the API. Every event that occurs creates a separate webhook.

The following event types spawn a webhook.

  • Event: Occurs when a device service event spawns.
  • Get: A device service's property is accessed.
  • Set: A device service's property is set.
  • Call: Occurs when a device service method is called.
  • Changed: Occurs when a device service's property is changed.
  • Info: A device's information has been received.
  • Error: Occurs when a device encounters an error.

“Get,” “Set,” and “Call” types all spawn from an explicit invocation. “Changed,” “Event”, and “Error” types occur automatically.

Filters may be applied that determine which events spawn webhooks.

It is possible that several notifications will be captured by the webhook simultaneously. In the case of such an event, each notification will have its own entry in the "items" array of each transaction.


Webhook endpoints are open to the internet to be called from anywhere. In order to verify that a call has come from the Droplit.io servers, use a secret key.

Providing a secret key in the webhook configuration will add an SHA-256 HMAC hexdigest to webhook calls in an x-droplit-signature HTTP request header. The receiving application may then compare this signature with its own SHA-256 HMAC digest generated from the same secret to ensure the webhook call originated from the Droplit.io servers.