Skip to main content

How webhooks work

Nous’s worker exposes a webhook server at https://api.yourdomain.com/inbound/. Each source gets its own path with your workspace ID embedded in the URL. 
https://api.yourdomain.com/inbound/<source>/<workspaceId>
All handlers return { "ok": true } immediately — retries won’t cause duplicate activities because every event is deduplicated by external_id.
LinkedIn webhooks are configured differently — they go through Unipile using a query-param URL. See the LinkedIn provider page for exact setup.

Available endpoints

SourceEndpointCreates contacts?
Instantly/inbound/instantly/:workspaceIdYes
Fireflies/inbound/fireflies/:workspaceIdNo
Fathom/inbound/fathom/:workspaceIdNo
RB2B/inbound/rb2b/:workspaceIdYes
Calendly/inbound/calendly/:workspaceIdYes
Custom capture/api/v1/capture (API key auth)No

HMAC verification

Set a shared secret for each source in nous.env. Nous validates the signature header using HMAC-SHA256. 
INSTANTLY_WEBHOOK_SECRET=your-secret
CALENDLY_WEBHOOK_SECRET=your-secret
FIREFLIES_WEBHOOK_SECRET=your-secret
FATHOM_WEBHOOK_SECRET=whsec_your-svix-secret
RB2B_WEBHOOK_SECRET=your-secret
Fathom uses svix-based signing (webhook-signature header) with timestamp tolerance. All other sources use standard x-nous-signature: sha256=hmac.
If a secret is not set, the signature check is skipped — fine for local dev, set secrets in production.

Finding your workspace ID

Your workspace ID is a UUID visible in Settings → Workspace. It’s also returned in all API responses under workspace_id.