HotelRankhotelrank.ai

Webhooks

In this guide, we will look at how to register and consume webhooks to integrate your app with HotelRank. With webhooks, your app can react when something happens in HotelRank, such as a new hotel being registered or an analysis result being marked as failed.

Registering webhooks

To register a new webhook, you need to have a URL in your app that HotelRank can call. You can configure a new webhook from the HotelRank dashboard under API settings. Give your webhook a name, pick the events you want to listen for, and add your URL.

Now, whenever something of interest happens in your account, a webhook is fired off by HotelRank. In the next section, we'll look at how to consume webhooks.

Consuming webhooks

When your app receives a webhook request from HotelRank, check the type attribute to see what event caused it. The first part of the event type will tell you the payload type, e.g., a hotel, analysis, etc.

Example webhook payload

{
  "id": "a056V7R7NmNRjl70",
  "type": "hotel_analysis_result.completed",
  "payload": {
    "id": 128,
    "hotel_analysis_id": 77,
    "status": "completed",
    "hotel_mentioned": true,
    "model": "gpt-4o-mini",
    "persona": "digital nomad"
  }
}

In the example above, a hotel analysis result was marked completed, and the payload type is a hotel_analysis_result.

See all event types

Event types

  • Name
    hotel.created
    Description

    A new hotel was registered in a workspace.

  • Name
    hotel.updated
    Description

    An existing hotel was updated (name, location, or Google Places data).

  • Name
    hotel.deleted
    Description

    A hotel was removed from a workspace.

  • Name
    hotel_analysis_result.completed
    Description

    A hotel analysis result finished processing successfully.

  • Name
    hotel_analysis_result.failed
    Description

    A hotel analysis result failed and may need a retry.

  • Name
    hotel_analysis_result.retried
    Description

    A failed hotel analysis result was requeued for processing.

Example payload

{
  "id": "a056V7R7NmNRjl70",
  "type": "hotel_analysis_result.failed",
  "payload": {
    "id": 130,
    "hotel_analysis_id": 77,
    "status": "failed",
    "error_message": "Upstream provider timeout",
    "hotel_mentioned": false,
    "model": "llama-3-sonar-small-128k-online",
    "persona": "family traveler"
  }
}

Security

To know for sure that a webhook was, in fact, sent by HotelRank instead of a malicious actor, you can verify the request signature. Each webhook request contains a header named x-hotelrank-signature, and you can verify this signature by using your secret webhook key. The signature is an HMAC hash of the request payload hashed using your secret key. Here is an example of how to verify the signature in your app:

Verifying a request

const signature = req.headers['x-hotelrank-signature']
const hash = crypto.createHmac('sha256', secret).update(payload).digest('hex')

if (hash === signature) {
  // Request is verified
} else {
  // Request could not be verified
}

If your generated signature matches the x-hotelrank-signature header, you can be sure that the request was truly coming from HotelRank. It's essential to keep your secret webhook key safe — otherwise, you can no longer be sure that a given webhook was sent by HotelRank. Don't commit your secret webhook key to GitHub!

Was this page helpful?