Ticket webhook — deliver handoff transcripts to your helpdesk
An alternative to handoff email. When a visitor triggers handoff, Wilow POSTs the full transcript as signed JSON to a URL you own. Use this if you run Zendesk, Front, Freshdesk, or a custom helpdesk — the handoff becomes a ticket in your existing queue instead of a separate email chain.
When to enable it
Use the ticket webhook if the team answering handoffs already lives in a helpdesk and bouncing between there and an inbox adds friction. One queue, one SLA timer, one assignment workflow.
Stick with plain email if your team is small and the inbox already works. Email is faster to set up and easier to inspect when something goes wrong.
You can configure both channels at once. You'll get both deliveries; deduplicate on handoffId.
Configure
Admin → Widget → Handoff → Ticket webhook.
- URL — HTTPS only. We reject HTTP and SSRF-suspicious hosts at save time.
- Secret — click Generate. Shown once. If you lose it, regenerate.
- Hit Test. We fire a synthetic handoff at your endpoint and show the response code + timing.
- Hit Save.
Request shape
See the Handoff page for the full handoff.created payload. A small sample:
{
"event": "handoff.created",
"tenantId": "…",
"conversationId": "…",
"handoffId": "…",
"visitorEmail": "[email protected]",
"reason": "I want pricing for 500 seats",
"transcript": [
{ "role": "user", "content": "…", "createdAt": "…" },
{ "role": "assistant", "content": "…", "createdAt": "…" }
],
"adminConversationUrl": "https://usewilow.com/admin/conversations?id=…"
}Every request carries X-Wilow-Signature: sha256=<hex>. Verify before trusting.
Verifying the signature
See Webhook security — same scheme as the lead webhook, so a single receiver (or shared middleware) handles both. HMAC-SHA256 of the raw body keyed by your secret, hex-encoded, sent as X-Wilow-Signature: sha256=<hex>. Verify with a constant-time compare. Reject on mismatch with 401.
Mapping into a helpdesk
A Zendesk-friendly mapping:
| Wilow field | Zendesk field |
|---|---|
visitorEmail |
requester.email (or create end-user if missing) |
reason |
subject |
transcript |
comment.body (rendered Markdown of each turn) |
adminConversationUrl |
custom field, so agents can jump back to the full chat |
Same principle for Front, Freshdesk, Help Scout — map the four fields that matter, drop the rest into a custom field or tag.
Pitfalls
- Failures on your endpoint are logged, not retried. If your helpdesk is down for 5 minutes, those handoffs arrive over email (if you configured email too) or appear only on the admin Handoffs page.
- Signatures cover the raw body. If you JSON-parse before verifying, you'll have re-serialized bytes that don't match our signature. Parse after.
- If handoff is disabled on your workspace, this webhook never fires — the visitor never gets the handoff button to begin with. Talk to us to enable handoff.