Custom Webhooks¶
Beta
This documentation describes the custom integration webhook receiver. Specific payload structures and configuration options may evolve. If you encounter differences, please report an issue.
Custom webhooks allow your systems to send events into Dxtra for privacy processing. When something happens in your application (a customer signs up, updates preferences, requests data deletion), you send an HTTP POST to Dxtra's webhook endpoint, and the event flows through the standard PII extraction and compliance pipeline.
Inbound vs outbound webhooks
This page covers inbound webhooks — your systems sending events to Dxtra. If you need Dxtra to notify your systems when events occur (outbound), that is handled by Hasura Event Triggers, which are configured separately through the platform's event system.
How it works¶
Your System Dxtra (Conduit)
│ │
│ POST with event data │
├────────────────────────►
│ (encrypted token auth) │
│ ├─► PII extraction pipeline
│ ├─► Compliance processing
│ 200 OK ├─► Audit trail
│ ◄────────────────────────
│ │
- You configure a custom integration in the Dxtra dashboard
- Dxtra generates a webhook URL containing your data controller DID and data processor ID, plus separate API credentials (API key and webhook secret) for use in request headers.
- Your system sends HTTP POST requests to that URL with event data
- Dxtra processes the payload through its PII extraction pipeline
- Events are logged in the compliance audit trail
Webhook URL format¶
Custom integration webhook URLs follow this pattern:
https://conduit.dxtra.ai/api/v1/integrations/custom/event?did={data_controller_did}&dpid={data_processor_id}
The URL contains two query parameters: did (your data controller DID) and dpid (your data processor ID). Requests must include Authorization: Bearer <webhook_auth> and x-webhook-secret: <webhook_auth> headers, where the credential value is the webhookAuth field returned when you create the integration.
Keep your webhook URL secret
The webhook URL contains an encrypted authentication token. Treat it like an API key — do not expose it in client-side code, public repositories, or logs.
Setting up a custom webhook integration¶
Step 1: Create the integration¶
In the Dxtra dashboard, navigate to Integrations and create a new Custom integration. Configure:
- Integration name — A descriptive name for this data source
- Payload structure — Define the expected fields and their mapping to Dxtra's data model
Step 2: Get the webhook URL¶
After creating the integration, Dxtra generates a webhook URL with an encrypted token. Copy this URL — you will configure your system to send events to it.
Step 3: Configure your system¶
Set up your application to send HTTP POST requests to the webhook URL when relevant events occur:
curl -X POST \
"https://conduit.dxtra.ai/api/v1/integrations/custom/event?did={data_controller_did}&dpid={data_processor_id}" \
-H "Authorization: Bearer {webhook_auth}" \
-H "x-webhook-secret: {webhook_auth}" \
-H "Content-Type: application/json" \
-d '{
"event": "account_created",
"triggeredAt": "2026-04-06T10:30:00Z",
"email": "customer@example.com",
"metadata": {
"source": "signup_form",
"ip_country": "DE"
}
}'
The payload structure is flexible and configured through the dashboard. Dxtra maps your fields to its internal data model based on the configuration you set up in Step 1.
Step 4: Verify¶
Send a test event and check the Dxtra dashboard to confirm it was received and processed correctly.
Managing custom integrations¶
Custom integrations support full CRUD operations through the dashboard:
- Onboard — Create a new custom integration with payload mapping
- List — View all configured custom integrations
- Get — View details for a specific integration
- Update — Modify payload mapping or configuration
- Delete — Remove an integration and its webhook URL
PII extraction pipeline¶
Events received through custom webhooks are processed through Dxtra's standard PII extraction pipeline. The pipeline:
- Parses the incoming payload based on your configured field mapping
- Identifies and extracts PII fields (email, name, phone, etc.)
- Creates or updates data subject records
- Logs the processing activity for compliance audit
Error handling¶
Your webhook endpoint should expect the following responses:
| Status | Meaning |
|---|---|
200 | Event received and accepted for processing |
400 | Invalid payload — check your JSON structure and required fields |
401 | Authentication failed — missing or invalid Authorization header or x-webhook-secret |
500 | Server error — retry the request |
For failed requests, implement retry logic with exponential backoff in your sending system.
Best practices¶
- Use HTTPS — The webhook URL uses HTTPS by default; ensure your system sends over TLS
- Include timestamps — Always include an event timestamp so Dxtra can order events correctly
- Be idempotent — If you retry a failed request, include a unique event ID so Dxtra can deduplicate
- Log webhook calls — Keep a log of sent webhooks on your side for debugging
- Monitor delivery — Set up alerting for failed webhook deliveries
Troubleshooting¶
Events not appearing in Dxtra — Verify the webhook URL is correct and the token has not been regenerated. Check that your payload matches the configured field mapping. Inspect your HTTP response for error details.
Authentication errors — If you receive 401 responses, your API key or webhook secret may be invalid. Check your API key and webhook secret credentials in the dashboard.
Payload mapping issues — If events are received but data is not extracted correctly, review the field mapping configuration in the dashboard. Ensure your payload field names match what Dxtra expects.
Related¶
- Custom integrations overview — Overview of custom integration options
- Consent management — Configure consent categories
- Data subject rights — Handle access and deletion requests
Not legal advice
This documentation provides technical guidance for integrating with Dxtra. AI-generated content does not constitute legal advice. Consult a qualified legal professional for advice specific to your jurisdiction and business context.