Skip to main content

Automation recipes

Zapier

  1. Create a Webhooks by Zapier > Catch Hook trigger.
  2. Copy the HTTPS hook URL into a TheBooking webhook.
  3. Select the required events and save the one-time secret securely.
  4. Send a test webhook to load a sample.
  5. Filter on event and map fields from data.

Zapier's standard catch-hook step does not by itself provide TheBooking HMAC verification. For security-sensitive automation, place a small verifying endpoint in front of Zapier and forward only verified requests.

Make

  1. Create a scenario with a Custom webhook.
  2. Register the generated HTTPS URL in TheBooking.
  3. Send a test payload so Make determines the data structure.
  4. Add a router keyed by event.
  5. Store processed delivery IDs to prevent duplicate work.

As with Zapier, use a verifying proxy when the automation must reject unsigned or altered payloads.

Custom receiver

A production receiver should:

  1. read the raw request body;
  2. verify X-TBK-Signature;
  3. reject timestamps outside an acceptable replay window;
  4. deduplicate X-TBK-Delivery;
  5. enqueue work and return 2xx quickly;
  6. periodically reconcile important data through the read API.