Outbound Webhooks - Docs | TeeckIn
TeeckIn/Docs

Outbound Webhooks

Send TeeckIn events as raw, signed JSON to any HTTPS endpoint — connect your timer and task activity to n8n, Make, Zapier, or your own backend.

What they are

A Custom Webhook (JSON) integration delivers TeeckIn events as a machine-readable JSON payload to an endpoint you control — unlike Slack/Mattermost integrations, which send formatted chat messages. Use it to trigger automations: log a finished timer to a spreadsheet, draft an invoice when a billable entry is created, or update a task in your project tool.

Available on every plan

Webhook integrations count toward your integration limit (Free: 1, Pro: 10, Team: 25), the same as Slack/Mattermost.

Creating a webhook integration

  1. 1
    Go to Settings → Integrations and click Add Integration
  2. 2
    Choose the Custom Webhook (JSON) platform
  3. 3
    Paste your HTTPS endpoint URL (the address your automation tool listens on)
  4. 4
    Pick the events to send and an optional topic/category filter
  5. 5
    Click Create Integration and copy the signing secret shown — it is displayed only once

HTTPS only, public endpoints only

The URL must use HTTPS, and it cannot point at a private, loopback, or link-local address (e.g. localhost, 10.x.x.x, or cloud metadata IPs). This protects your account and infrastructure from server-side request forgery.

The payload

Each delivery is a POST with a versioned JSON envelope. Events occurring within the integration's batch window are combined into one request's events array.

json
{
  "version": "1",
  "sentAt": "2026-05-30T14:02:11.000Z",
  "integration": { "name": "My Automation" },
  "events": [
    {
      "event": "timer_stop",
      "topicName": "Acme redesign",
      "categoryName": "Client work",
      "userName": "Jordan Breton",
      "durationMinutes": 45,
      "timestamp": "2026-05-30T14:02:11.000Z"
    }
  ]
}

The version field is a stability contract: field names won't change without a version bump, so your automations keep working.

Verifying the signature

Every request includes an X-TeeckIn-Signature header containing an HMAC-SHA256 of the raw request body, keyed with your signing secret:

text
X-TeeckIn-Signature: sha256=<hex-digest>

Recompute the digest over the raw body and compare. Example in Node.js:

javascript
import crypto from 'node:crypto';

function isValid(rawBody, header, secret) {
  const expected =
    'sha256=' + crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
  // Constant-time comparison
  return crypto.timingSafeEqual(Buffer.from(header), Buffer.from(expected));
}

Rotating the secret

You can reveal or regenerate the signing secret anytime from the integration's edit dialog. Regenerating invalidates the old secret immediately — update your automation before rotating.

Connecting to n8n / Make / Zapier

Point the webhook URL at your automation tool's inbound webhook node, then use its HTTP request actions to call back into TeeckIn (e.g. create a time entry) if you need two-way flows. A typical setup:

  1. 1
    Create a webhook/trigger node in n8n, Make, or Zapier and copy its URL
  2. 2
    Create a TeeckIn webhook integration pointing at that URL
  3. 3
    (Optional) Add a signature-verification step using the secret
  4. 4
    Map the events[] fields to your downstream action

Related

Slack & Mattermost

Send formatted chat notifications instead of raw JSON

AI Agents

Let AI assistants track time automatically via the API

Was this helpful?