Create webhook templates
To create or edit webhook templates you need the following permissions:
- Create templates: Create Templates (
CREATE_COMMUNICATION_TEMPLATES) and View Administration Details. - Edit / activate / deactivate templates: Edit Templates (
EDIT_COMMUNICATION_TEMPLATES) and View Administration Details. - View templates: any of Create Templates, Edit Templates, or View Administration Details.
Create a webhook
- Go to Administration > Webhooks > Templates.
- Select Add Notification.
- Enter the required information (see Fields below).
- Select Save Changes.
Templates list a state and a status:
- State: In Use (at least one notification sent) or Not In Use.
- Status: Active (can be used) or Inactive (deactivated).
Fields
Webhook name
A human-readable unique name, up to 255 characters. Leading and trailing spaces are trimmed automatically.
Subscription option
Choose whether recipients are Opt-out (auto-subscribed) or Opt-in (manually subscribed).
- Opt-out: On first save, recipients are automatically subscribed in the background. They can later unsubscribe.
- Opt-in: Recipients are not subscribed by default and must be added manually.
Target
Select what the notification relates to. Available targets include:
- Client
- Group
- Background process (for example, End of Day)
- Data access
- Payment order (when Payments is enabled)
- Accounting (journal entries)
The target determines which events are available and which placeholders you can use.
Event trigger
Choose the event that triggers the webhook. Available events depend on the selected target, enabled features, and the Webhooks channel.
For a full list and details, see Event triggers.
Conditions
Optionally restrict when the webhook is sent by adding conditions (field, operator, value). Choose:
- Match All – all conditions must be true (AND)
- Match Any – at least one condition must be true (OR)
Webhook URL
The destination endpoint for the request.
- Must be a valid
http://orhttps://URL; quotes are not allowed in the URL. - Certain placeholders are not allowed in the URL.
- Placeholders can be used in the path and query string where appropriate.
- For security and deliverability, use HTTPS. Depending on your environment, non-HTTPS or blacklisted destinations may be rejected at send time.
Request type
The HTTP method used for the request. Supported:
POSTPUTPATCH
Authorization
Choose one of:
- No Authorization
- Basic Authorization (username and password)
For token or API key authentication, use a custom header (see below).
Content type
Format of the request body:
- Plain text (
text/plain) - JSON (
application/json) - XML (
application/xml)
If you select JSON or XML, ensure the payload is validly formatted.
Custom request headers
Static headers to include with every request.
- Placeholders are not supported in headers.
- Avoid reserved headers; some headers may be ignored by the platform (for example,
x-consumer-username).
Webhook contents
The request payload sent to your endpoint.
- You can include placeholders to inject values from the triggering context.
- If you use JSON or XML, validate the structure before saving to avoid send-time failures.
See Placeholders for more details on available fields.
Manage subscriptions
- Open the recipient profile (for example, a client or group).
- Select More > Set Notifications.
- In Notification Requests, select or deselect the relevant notifications.
Notes:
- The list is grouped by event trigger and channel (SMS, email, webhook).
- If multiple webhook templates exist for the same event trigger, a single checkbox controls subscription to all of them.
Test your webhook configuration
If you do not control the receiver logs, you can use tools such as RequestBin or Webhook Tester to inspect incoming requests from Mambu and verify:
- URL and HTTP method
- Headers
- Payload shape and content
Sender IP addresses
Webhook requests originate from Mambu infrastructure. Source IP addresses vary by region and environment. If you need to allowlist IPs in your firewall, contact Mambu Support for the current list for your environment.