Webhooks for Custom Applications
Webhooks allow custom applications to receive real-time notifications about entity-level events in Flowlu. Instead of polling the API for changes, Flowlu sends event data to an application when supported events occur.
Webhooks are used to react to changes in Flowlu data, such as when an entity is created, updated, or deleted.
How webhooks work in Flowlu
Flowlu supports outgoing webhooks only.
Webhooks are configured in the portal under System Settings → Webhooks. When a supported event occurs, Flowlu sends an HTTP POST request to the configured endpoint.
Webhook requests are sent in JSON format.
Please note: Flowlu does not send webhooks for application lifecycle events such as installation, update, or removal.
Webhook payload structure
Each webhook request contains information about the event and the affected entity.
{
"meta": {
"module": "crm",
"model": "account",
"action": "create"
},
"current": {},
"previous": {}
}
Payload fields
| Field | Type | Description |
|---|---|---|
| meta.module | string | Module name of the entity |
| meta.model | string | Model name of the entity |
| meta.action | string | Event type: create, update, or delete |
| current | object or null | Entity state after the change |
| previous | object or null | Entity state before the change |
The current and previous objects follow the same structure as entities returned by the Flowlu API.
Scope enforcement for webhooks
Webhook usage is restricted by application permission scopes.
When a webhook is created:
-
Flowlu verifies that the application declares a scope that allows access to the target module and model.
-
If the required scope is missing, the webhook is not created.
Webhook payloads contain only data that the application is allowed to access based on the scopes declared in the manifest.
Webhooks and application updates
When a new application version is installed:
-
the new manifest is compared with the previously installed version,
-
previously registered webhooks are removed if they are no longer defined,
-
new webhooks are registered if they are defined in the updated manifest.
Webhook configuration is therefore always aligned with the currently installed application version.
Using webhooks in custom applications
Custom applications typically process webhooks on their backend.
Webhooks can be used to:
-
synchronize data with external systems,
-
trigger background processing,
-
react to changes in Flowlu entities.
Webhook endpoints must be able to receive HTTP POST requests and process JSON payloads.
Security considerations
Webhook endpoints must be exposed over HTTPS.
Applications should:
-
validate incoming webhook payloads,
-
handle duplicate or repeated requests safely,
-
avoid assuming delivery order or guaranteed delivery.
Relationship to the Flowlu API
Webhooks notify an application that an event has occurred.
If additional data is required, the application can retrieve or modify data using the Flowlu public API, subject to:
-
declared application scopes, and
-
the access rights of the user whose token is used.
For supported events and API usage details, refer to the Flowlu API documentation.
