Webhooks
Use SEO Boost Hub webhooks to receive near real-time event notifications in your systems.
Setup
Configure webhook endpoints from your dashboard:
Navigate to Settings β Webhooks Click Add Endpoint, enter your URL, and select the events you want to receive.
Available Events
The following events trigger webhook notifications:
| Event | Description |
|---|---|
location.updated |
A location's details were modified |
rank.scanned |
A daily rank scan completed for a keyword |
content.published |
A content post was published to Google Business Profile |
review.received |
A new Google review was received |
health.calculated |
Business health score was recalculated |
Payload Format
All webhook payloads follow a consistent JSON structure:
{
"id": "evt_01hx9c3f7a",
"event": "rank.scanned",
"timestamp": "2025-11-28T08:15:00Z",
"data": {
"keyword_id": "kw_01hx8b2e4d",
"keyword": "best coffee shop berlin",
"location_id": "loc_01hx7a9b2c",
"previous_rank": 8,
"current_rank": 5,
"search_engine": "google",
"scanned_at": "2025-11-28T08:14:55Z"
}
}
Signature Verification
Every webhook request includes an X-Signature header containing an HMAC-SHA256 hash of the payload. Verify this signature to ensure the request is authentic:
Signature Header
X-Signature: sha256=a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2
Verification Example (PHP)
$payload = file_get_contents('php://input');
$signature = hash_hmac('sha256', $payload, $webhookSecret);
$header = $_SERVER['HTTP_X_SIGNATURE'] ?? '';
if (hash_equals("sha256={$signature}", $header)) {
// Signature is valid β process the event
} else {
// Invalid signature β reject the request
http_response_code(401);
}
Retry Policy
If your endpoint returns a non-2xx status code, the webhook is retried with exponential backoff:
| Attempt | Delay |
|---|---|
| 1st attempt | Immediate |
| 2nd attempt | 5 minutes |
| 3rd attempt | 30 minutes |
Note After 3 failed attempts, the webhook is marked as failed. You can view failed deliveries in Settings β Webhooks.