Integrations guide
Notifizz ingests events from external sources via dedicated webhook endpoints. This guide walks through setting up each connector — Segment, Stripe, HubSpot, Intercom — from “zero” to “campaign fires from a provider event”. The exact wire format per provider is in connector webhooks reference. This page is task-oriented; jump there when you need the headers and HMAC formulas.TL;DR
- Each provider has a dedicated
POST /v1/webhooks/{provider}/:sourceIdendpoint. - The dashboard mints a
sourceIdandverificationSecretper source. - Configure the webhook on the provider side with the URL + secret.
- Notifizz verifies the signature, maps the provider event to the Notifizz event grammar, and feeds it into the same pipeline as
client.track()calls.
Common flow
The setup is the same shape for every provider:Create a source in the dashboard
sourceId and a verificationSecret. Both are needed in the next step.Configure the webhook on the provider
https://eu.api.notifizz.com/v1/webhooks/{provider}/<sourceId>. The secret goes into the provider’s “shared secret” / “signing secret” / “client secret” field — the exact name varies.Test delivery
Map provider events to Notifizz events
invoice.payment_succeeded → stripe.invoice.paid). The dashboard exposes a UI for renaming and for marking unmapped types as “ignored”.Per-provider setup
Segment
Add a Segment source in Notifizz
verificationSecret.Configure Segment
verificationSecret.x-signature, value is hex(HMAC-SHA1(verificationSecret, rawBody)).
Stripe
Add a webhook endpoint in Stripe
verificationSecret field.stripe-signature with Stripe’s multi-element format (t=<ts>,v1=<sig>). Notifizz delegates to Stripe’s official verifier — the same logic as Webhook.constructEvent in the Stripe SDK.
HubSpot
Set up the HubSpot app webhook
verificationSecret.x-hubspot-signature-v2 (with x-hubspot-signature fallback), value is hex(HMAC-SHA256(clientSecret, rawBody)).
Intercom
Configure the Intercom webhook
verificationSecret.x-hub-signature, value is sha1=<hex(HMAC-SHA1(verificationSecret, rawBody))> — the same GitHub-style scheme. Note the sha1= prefix.
Debugging signature failures
The dashboard delivery history flags signature failures with a 401 entry. The most common causes:| Symptom | Cause | Fix |
|---|---|---|
| 401 on every delivery | Wrong verificationSecret | Re-copy from the provider — most providers regenerate the secret if you click “Show” then leave; copy fresh. |
| 401 sporadic | Stripe timestamp drift | NTP your Notifizz region (rare — Stripe’s tolerance is generous). |
| 401 from a specific event type | Provider sent a non-JSON or pre-parsed body | Notifizz expects raw JSON; if the provider unfortunately re-serialised, the byte mismatch breaks HMAC. Open a support ticket. |
| 404 sourceId | Wrong URL | Double-check the path — the sourceId must match the dashboard. Easy to mis-paste between environments. |
Mapping events
Each connector ships a default mapping out of the box. The dashboard’s mapping UI exposes:- The list of provider event types observed in delivery history.
- The mapped Notifizz event name (editable).
- An “ignore” toggle for events you don’t want propagated.
FAQ
Segment 'invalid signature' — wrong secret or wrong source ID?
Segment 'invalid signature' — wrong secret or wrong source ID?
sourceId produces a 404. Wrong secret produces 401 + signature failure in the log. The dashboard delivery history distinguishes the two — read the entry’s reason field.Stripe `customer.subscription.updated` — what should I name my Notifizz event?
Stripe `customer.subscription.updated` — what should I name my Notifizz event?
stripe.customer.subscription.updated. Rename it to whatever your campaigns key on (subscription.updated, billing.subscription_changed, …). Naming consistency with your direct client.track() events makes campaigns easier to wire.Drop events I don't care about — how?
Drop events I don't care about — how?
Pause a connector temporarily?
Pause a connector temporarily?
Same Stripe event arrives twice — duplicate?
Same Stripe event arrives twice — duplicate?
idempotencyKey. A retried delivery from Stripe short-circuits with { duplicate: true }. Genuinely identical events from your end (e.g. user clicks twice) have different event ids and are not deduped.Multiple sources from the same provider — supported?
Multiple sources from the same provider — supported?
sourceId + verificationSecret. You can have, say, two Stripe accounts (production + sandbox) wired to the same Notifizz environment; campaigns can match on event content if they need to differentiate.