Setup guide
Step 1: Create a custom integration
- In the Moveo dashboard, navigate to Connections.
- Click Add connection.
- Select Custom HTTP from the list.
Step 2: Configure the webhook
- Enter your Webhook URL — the HTTPS endpoint where Moveo delivers events.
- Enter a Webhook secret — a string used to sign webhook payloads with HMAC-SHA256. Store this securely.
Step 3: Generate an API key
- Click Generate API key.
- Copy and securely store the API key. It is shown only once.
- Use this key in the
Authorizationheader for all inbound API requests.
Step 4: Configure optional settings
- Allowed IPs — restrict inbound API access to specific IP addresses or CIDR ranges (e.g.,
203.0.113.0/24). Leave empty to allow all IPs. - Subscribed events — choose which webhook event types to receive. Leave empty to receive all events.
- Session timeout — set the session TTL in seconds (default: 86,400 = 24 hours).
Step 5: Test the integration
Send a test request to create a session and verify your webhook receives the bot response. See the complete example section.
Configuration options
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
webhook_url | string | Yes | — | Your HTTPS endpoint URL for receiving events. |
webhook_secret | string | No | — | Secret key for HMAC-SHA256 webhook signature verification. |
allowed_ips | string[] | No | All IPs | IP addresses or CIDR ranges allowed to call the inbound API. |
subscribed_events | string[] | No | All events | Event types to receive on your webhook. |
session_timeout | integer | No | 86400 | Session TTL in seconds. Minimum: 60 (1 minute). Maximum: 1,296,000 (15 days). |
Authentication
All inbound API requests require an API key in the Authorization header:
Authorization: apikey YOUR_API_KEY
If you configure an IP allowlist, requests from IPs outside the allowlist receive a 401 Unauthorized response. The allowlist supports both individual IPs and CIDR notation (e.g., 198.51.100.42 or 203.0.113.0/24).