Pryzm currently supports one outbound CRM webhook event: campaign.created.v1. This webhook is scoped to a specific pipeline. When a new campaign is created in that pipeline, Pryzm sends a signed POST request to your target URL.

Available Event

| Event | When it fires | Scope |
| --- | --- | --- |
| campaign.created.v1 | After a new campaign is created | One pipeline (pipeline_id) |

Create a Webhook

Webhook subscriptions are created and managed in the Pryzm frontend at the pipeline level. Notes:
  • webhook_type currently supports only campaign.created.v1
  • target_url must be a public HTTPS URL
  • Only admins can create or deactivate webhook subscriptions
  • Pryzm returns the signing secret only when the webhook is created, so store it when you receive the response

Request Body

Pryzm sends a POST request with this envelope:
{
  "event": "campaign.created.v1",
  "event_timestamp": "2026-04-09T14:23:11.000000+00:00",
  "data": "<campaign record payload>"
}
The data object uses the same campaign shape returned by the External API’s Get Record by ID endpoint for campaign records. The event field is also provided in the X-Pryzm-Event header for routing convenience. For the exact campaign payload structure, see:

Headers

Each outbound request includes:
| Header | Description |
| --- | --- |
| Content-Type | Always application/json |
| X-Pryzm-Event | Event name, currently campaign.created.v1 |
| X-Pryzm-Event-Id | Unique Pryzm event ID for this webhook delivery |
| X-Pryzm-Timestamp | Unix timestamp in seconds |
| X-Pryzm-Signature | HMAC SHA-256 signature in the format t=<timestamp>,v1=<signature> |

Signature Verification

Use the webhook secret returned at creation time to verify the request:
  1. Read the raw request body exactly as sent.
  2. Build the signed payload as <timestamp>.<raw_body>.
  3. Compute the HMAC SHA-256 digest using your webhook secret.
  4. Compare the digest to v1 from X-Pryzm-Signature.
X-Pryzm-Event-Id is not part of the signature payload. Use it as a stable event identifier for idempotency, logging, and delivery tracing on your side.
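import hashlib
import hmac

# `request` is a Flask-style request object (assumed); WEBHOOK_SECRET is the
# signing secret stored when the webhook was created.
timestamp = request.headers["X-Pryzm-Timestamp"]
signature = request.headers["X-Pryzm-Signature"]
raw_body = request.get_data(as_text=True)  # body exactly as sent, not re-serialized JSON

# Signed payload is "<timestamp>.<raw_body>"
signed_payload = f"{timestamp}.{raw_body}".encode()
expected = hmac.new(WEBHOOK_SECRET.encode(), signed_payload, hashlib.sha256).hexdigest()
received = signature.split("v1=", 1)[1]  # the v1 part of "t=<timestamp>,v1=<signature>"

# Constant-time comparison of the computed and received digests
is_valid = hmac.compare_digest(expected, received)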
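
A fuller receiver-side check, as an added example (not Pryzm's code): it parses X-Pryzm-Signature defensively, rejects deliveries whose signed timestamp falls outside a receiver-chosen window, and uses X-Pryzm-Event-Id to drop retried duplicates. The function names, the max_age window, and the sample secret, event ID and body are assumptions made for the example. The page does not say whether retried deliveries carry a fresh timestamp, so size max_age against the retry schedule.

```python
import hashlib
import hmac
import time


def parse_signature_header(header):
    """Split 't=<timestamp>,v1=<signature>' into a dict, skipping malformed parts."""
    pairs = (item.strip().partition("=") for item in header.split(","))
    return {key: value for key, sep, value in pairs if sep}


def sign(secret, timestamp, raw_body):
    """HMAC SHA-256 over '<timestamp>.<raw_body>', hex encoded."""
    payload = timestamp.encode() + b"." + raw_body
    return hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest()


def verify_delivery(secret, headers, raw_body, seen_ids, max_age=300, now=None):
    """Return 'accepted', 'duplicate' or 'rejected:<reason>' for one delivery.
    raw_body: body bytes exactly as received. max_age: receiver-side assumption."""
    now = time.time() if now is None else now
    sig = parse_signature_header(headers.get("X-Pryzm-Signature", ""))
    timestamp = headers.get("X-Pryzm-Timestamp", "")
    event_id = headers.get("X-Pryzm-Event-Id", "")
    if not event_id or "v1" not in sig:
        return "rejected:missing-field"
    if not (timestamp.isascii() and timestamp.isdigit()) or sig.get("t") != timestamp:
        return "rejected:bad-timestamp"
    expected = sign(secret, timestamp, raw_body)
    if not hmac.compare_digest(expected.encode(), sig["v1"].encode()):
        return "rejected:bad-signature"
    # The timestamp is trusted only now that the MAC over it has verified.
    if abs(now - int(timestamp)) > max_age:
        return "rejected:stale"
    # X-Pryzm-Event-Id is not signed: it dedupes retries, while the signed
    # timestamp is what bounds how long a captured request stays valid.
    if event_id in seen_ids:
        return "duplicate"
    seen_ids.add(event_id)
    return "accepted"


# Constructed sample delivery (secret, event ID and body are made up for the example).
SECRET = "whsec_example"
BODY = b'{"event": "campaign.created.v1", "data": {}}'
TS = "1775744591"
HEADERS = {"X-Pryzm-Timestamp": TS, "X-Pryzm-Event-Id": "evt_example_1",
           "X-Pryzm-Signature": f"t={TS},v1={sign(SECRET, TS, BODY)}"}
```

In production, seen_ids would be a shared store with expiry rather than an in-memory set, and headers would be the framework's case-insensitive header mapping.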

Delivery and Retries

  • Pryzm sends webhook deliveries with a 5 second timeout
  • Redirects are not followed
  • Pryzm retries delivery on network errors, 429, and 5xx responses
  • Pryzm does not retry other 4xx responses
  • Retries use exponential backoff with jitter, starting at 120 seconds and capped at 1800 seconds
  • With the current worker configuration, a delivery can be attempted up to 6 times total
  • If a webhook reaches 50 consecutive final-attempt failures, Pryzm automatically deactivates it and emails the webhook owner

Versioning and Migrations

Webhook event types include a version suffix (e.g. campaign.created.v1). When the payload schema for an event changes, Pryzm releases a new version (e.g. campaign.created.v2) rather than modifying the existing one.
  • Both versions run concurrently for a limited transition period so existing integrations are not disrupted.
  • During the transition period you can create new webhooks on either version.
  • Pryzm will announce new versions and deprecation timelines in advance.
  • Once the transition period ends, the older version will stop firing and any webhooks still registered on it will be deactivated.
To migrate, create a new webhook subscription for the newer event version, verify it works, then deactivate the old one.

Managing Subscriptions

Webhook subscriptions are tied to a specific pipeline and are managed through the Pryzm frontend by admins.