Webhooks
Receive real-time POST notifications for 15 FRITH event types — no polling required.
Configuring a webhook endpoint
1. Go to Settings → Developer → Webhooks → Add Endpoint.
2. Enter the HTTPS URL of your server endpoint (must be publicly reachable).
3. Select which event types to receive (or select All events).
4. Click Save. FRITH sends a test POST to your endpoint to verify it responds with HTTP 200.
5. If the test fails, check your server is publicly reachable and responds 200 within 30 seconds.
6. Once verified, the endpoint is active and starts receiving events immediately.
Signature verification
Every webhook request is signed with HMAC-SHA256 using your webhook secret. Always verify the signature before processing the event:
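// Node.js / Express:
const crypto = require('crypto');

// req.rawBody is not set by Express itself; capture it in your body-parser setup.
const sig = req.headers['x-frith-signature'] || '';
const expected = 'sha256=' + crypto.createHmac('sha256', process.env.WEBHOOK_SECRET)
  .update(req.rawBody).digest('hex');
// Compare in constant time; timingSafeEqual throws on unequal lengths, so check length first.
const a = Buffer.from(sig);
const b = Buffer.from(expected);
if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
  return res.status(401).json({ error: 'Invalid signature' });
}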
Use the raw request body (before JSON.parse) to compute the HMAC. Parsing first changes the byte representation and invalidates the signature.
Webhook event payload
{
"id": "evt_01j2abc123", // Unique event ID
"event": "invoice.paid", // Event type
"timestamp": "2026-06-11T...", // ISO 8601 UTC
"organisationId": "org_xyz", // Your org ID
"data": { ... } // Resource object
}
Retry policy
If your endpoint returns any status other than 2xx, or times out (30 second limit), FRITH retries with exponential backoff: 5s → 30s → 2min → 10min → 1hr. After 5 failed attempts, the event is marked as failed and you can manually replay it from Settings → Developer → Webhooks → Failed Events.
Events expire after 24 hours — replay before then to avoid losing them.
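An added example (not FRITH's own code) that ties the signature check to the retry policy above: it verifies `x-frith-signature` in constant time over the raw bytes, rejects malformed headers, and uses the event `id` to ignore deliveries that were already processed. The helper names, the in-memory `Set`, the secret and the sample payload are constructed for illustration, and the example assumes that retries and replays carry the same `id`.

```javascript
const crypto = require('crypto');

// Constant-time check of the x-frith-signature header over the raw body bytes.
function verifySignature(rawBody, header, secret) {
  // Reject missing or malformed headers before any comparison.
  if (typeof header !== 'string' || !/^sha256=[0-9a-f]{64}$/.test(header)) return false;
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const given = Buffer.from(header.slice(7), 'hex');
  return crypto.timingSafeEqual(given, expected); // both are 32 bytes here
}

// Returns the HTTP status to send back. `seen` is an in-memory Set (assumption);
// a real deployment needs a shared store that outlives the 24-hour replay window.
function handleDelivery(rawBody, header, secret, seen, onEvent) {
  if (!verifySignature(rawBody, header, secret)) return 401;
  let evt;
  try { evt = JSON.parse(rawBody.toString('utf8')); } catch { return 400; }
  if (!evt || typeof evt.id !== 'string') return 400;
  if (seen.has(evt.id)) return 200; // retry or replay of an event already processed
  try { onEvent(evt); } catch { return 500; } // non-2xx lets FRITH retry later
  seen.add(evt.id);
  return 200;
}

// Constructed sample delivery; the secret and payload values are made up.
function demo() {
  const secret = 'example-secret-constructed';
  const raw = Buffer.from('{"id": "evt_01j2abc123", "event": "invoice.paid", "data": {}}');
  const sign = (b) => 'sha256=' + crypto.createHmac('sha256', secret).update(b).digest('hex');
  const seen = new Set();
  const handled = [];
  const onEvent = (e) => handled.push(e.event);
  // Re-serialising drops the spaces, so the bytes no longer match the signature.
  const reserialised = Buffer.from(JSON.stringify(JSON.parse(raw.toString())));
  return {
    first: handleDelivery(raw, sign(raw), secret, seen, onEvent),
    retry: handleDelivery(raw, sign(raw), secret, seen, onEvent),
    reparsed: handleDelivery(reserialised, sign(raw), secret, seen, onEvent),
    truncated: handleDelivery(raw, sign(raw).slice(0, 20), secret, seen, onEvent),
    missing: handleDelivery(raw, undefined, secret, seen, onEvent),
    handled,
  };
}

console.log(demo());
```

The event ID is recorded only after the handler succeeds, so a handler failure returns 500 and the next retry is processed rather than skipped.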
Event types (15 total)
- matter.created — A new matter was opened
- matter.updated — Matter fields were changed
- matter.closed — A matter was closed
- contact.created — A new contact was created
- contact.updated — Contact fields were changed
- invoice.created — A new invoice was generated
- invoice.paid — An invoice was marked paid
- invoice.overdue — An invoice passed its due date unpaid
- payment.received — A payment was recorded
- trust.deposit — Trust funds were deposited
- trust.withdrawal — Trust funds were withdrawn
- deadline.due — A deadline is due within the configured lead time
- task.completed — A task was marked complete
- lead.created — A new lead entered the pipeline
- lead.converted — A lead was converted to a client/matter