Webhooks

Webhook Signatures and Delivery

Inbound and outbound webhook expectations, retry handling and HMAC signature verification.

Version 1.0.0
Last updated 2026-05-26

Webhook security

For outbound partner deliveries, FullHotel uses signed webhook headers.

Signature headers

  • X-FullHotel-Event
  • X-FullHotel-Delivery
  • X-FullHotel-Timestamp
  • X-FullHotel-Signature

Verification model

The signature is calculated with HMAC SHA-256 over:

timestamp + "." + rawBody

Retry behavior

Integrations should:

  1. return a 2xx as soon as the event is durably accepted
  2. keep processing idempotent
  3. store the delivery id for replay protection
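
A receiver that applies the verification model and the three retry rules above, as an added example (not FullHotel's own code). It assumes a hex-encoded signature, a Unix-seconds timestamp, a 300-second freshness window and a per-partner shared secret, none of which this page specifies; `DeliveryStore`, `sign` and `handle_delivery` are hypothetical names, and the status codes are this example's choice.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # assumption: the page states no freshness window

class DeliveryStore:
    """In-memory stand-in for a durable table keyed uniquely on delivery id."""

    def __init__(self):
        self._seen = set()

    def record_if_new(self, delivery_id):
        if delivery_id in self._seen:
            return False
        self._seen.add(delivery_id)
        return True

def sign(secret, timestamp, raw_body):
    # HMAC SHA-256 over timestamp + "." + rawBody; hex output is an assumption.
    message = timestamp.encode("ascii") + b"." + raw_body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()

def handle_delivery(secret, headers, raw_body, store, now=None):
    """Return (http_status, reason) for one inbound delivery."""
    h = {k.lower(): v for k, v in headers.items()}
    timestamp = h.get("x-fullhotel-timestamp", "")
    signature = h.get("x-fullhotel-signature", "")
    delivery_id = h.get("x-fullhotel-delivery", "")
    if not (timestamp.isascii() and timestamp.isdigit() and signature and delivery_id):
        return 400, "missing or malformed headers"
    # Compare in constant time, over the raw bytes exactly as received.
    expected = sign(secret, timestamp, raw_body)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return 401, "bad signature"
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return 401, "stale timestamp"
    # Recording the id stands in for durable acceptance; retries are acked, not re-run.
    if not store.record_if_new(delivery_id):
        return 200, "duplicate"
    return 200, "accepted"

if __name__ == "__main__":
    key, body, ts = b"constructed-secret", b'{"constructed": true}', str(int(time.time()))
    hdrs = {"X-FullHotel-Delivery": "d-1", "X-FullHotel-Timestamp": ts,
            "X-FullHotel-Signature": sign(key, ts, body)}
    store = DeliveryStore()
    print(handle_delivery(key, hdrs, body, store), handle_delivery(key, hdrs, body, store))
```

As described above, the signed string covers the timestamp and body only, so the X-FullHotel-Delivery value is not itself authenticated by the signature; the freshness check is what bounds reuse of a captured request under a different delivery id.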

Public inbound webhooks

The public docs include inbound examples for:

  • WhatsApp Cloud
  • Booking.com
  • selected connector endpoints