Overview
Oto can automatically send data to your systems via webhooks when important events occur. This allows you to:
Automatically add leads to your CRM (e.g., Salesforce, HubSpot)
Trigger automated follow-up sequences
Connect with Zapier, Make, or other automation platforms
Send data to your practice management system
Available Events
Event | Description |
| A new patient registered through the provider directory |
| A patient completed a TFI assessment (coming soon) |
Setting Up Your Webhook
Step 1: Get Your Webhook URL
First, you'll need a webhook URL from your integration platform:
Zapier:
Create a new Zap with "Webhooks by Zapier" as the trigger
Choose "Catch Hook" as the event
Copy the webhook URL provided
Make (formerly Integromat):
Create a new scenario with "Webhooks" as the trigger
Choose "Custom webhook"
Copy the webhook URL provided
Your CRM:
Most modern CRMs support incoming webhooks. Check your CRM's documentation for webhook or API endpoint URLs.
Step 2: Configure in Oto Dashboard
Go to Settings in your Oto provider dashboard
Click on the Integrations tab
Paste your webhook URL in the "Webhook URL" field
Select which events you want to receive
Click Save Webhook Settings
Once saved, Oto will automatically generate a webhook secret for security verification.
Webhook Payload
lead.created
When a new lead registers, we send a POST request with the following JSON payload:
{
"event": "lead.created",
"test": true,
"timestamp": "2026-01-14T12:17:23.884Z",
"lead": {
"id": "test_1768393043884",
"firstName": "Test",
"lastName": "Lead",
"email": "[email protected]",
"phone": "+15551234567",
"locationId": "test-location",
"locationName": "Test Location",
"organisationId": "a9oa94qrADws1qfbNjgk",
"organisationName": "BLUEMOTH Heari",
"preferredContactMethod": "email",
"messageForProvider": "This is a test webhook payload to verify your integration is working correctly.",
"createdAt": "2026-01-14T12:17:23.885Z",
"hasHearingLoss": true,
"usesHearingAids": false,
"tinnitusDuration": "more_than_2_years",
"shareActivityData": true
}
} Field Reference
Field | Type | Description |
event | string | The event type (e.g., "lead.created") |
test | boolean | true if sent using the 'test webhook' button |
timestamp | string | ISO 8601 timestamp of when the webhook was sent |
lead.id | string | Unique identifier for the lead |
lead.firstName | string | Patient's first name |
lead.lastName | string | Patient's last name |
lead.email | string | Patient's email address |
lead.phone | string | Patient's phone number |
lead.locationId | string | ID of the location they selected |
lead.locationName | string | Name of the location they selected |
lead.organisationId | string | Your organization's ID |
lead.organisationName | string | Your organization's name |
lead.preferredContactMethod | string | "email", "phone", or "no_preference" |
lead.messageForProvider | string | Optional message from the patient |
lead.createdAt | string | When the lead registered |
lead.hasHearingLoss | boolean | Whether they reported hearing loss |
lead.usesHearingAids | boolean | Whether they use hearing aids |
lead.tinnitusDuration | string | How long they've had tinnitus (see values below) |
lead.shareActivityData | boolean | Whether they consented to share app activity |
Tinnitus Duration Values
less_than_6_months- Less than 6 months6_to_12_months- 6 to 12 months1_to_2_years- 1 to 2 yearsmore_than_2_years- More than 2 years
Security: Verifying Webhook Signatures
To ensure webhook requests are genuinely from Oto, we sign each request with your webhook secret using HMAC-SHA256. We recommend verifying signatures in production environments.
Headers
Each webhook request includes these headers:
X-Oto-Signature- HMAC-SHA256 signatureX-Oto-Timestamp- Unix timestamp (milliseconds) when the request was signedContent-Type- Alwaysapplication/json
Verification Steps
Get the
X-Oto-Timestampheader valueGet the raw request body (as a string)
Concatenate:
{timestamp}.{body}Compute HMAC-SHA256 using your webhook secret
Compare with the
X-Oto-Signatureheader
Delivery History
You can view the status of recent webhook deliveries in Settings > Integrations. The delivery history shows:
Time the webhook was sent
Event type
Success or failure status
HTTP response code
Response time
Zapier Integration Example
Here's how to set up a complete Zapier integration:
Create a new Zap
Trigger: Webhooks by Zapier → Catch Hook
Copy the webhook URL to your Oto dashboard
Test the trigger by registering a test lead
Add an action: Connect to your CRM or email tool
Map the fields:
First Name →
lead.firstNameLast Name →
lead.lastNameEmail →
lead.emailPhone →
lead.phoneNotes →
lead.messageForProvider
Troubleshooting
Webhook Not Receiving Data
Verify the URL is correct and uses HTTPS
Check that your endpoint is publicly accessible
Check the Delivery History in Settings > Integrations
Make sure the event type is enabled
Signature Verification Failing
Ensure you're using the raw request body, not a parsed/modified version
Check that the timestamp in your calculation matches the header exactly
Verify you're using the correct webhook secret from your dashboard
Missing Fields
Some fields may be null if the patient didn't provide that information during registration. Always check for null values in your integration.
Need Help?
If you're having trouble setting up your webhook integration, contact us at [email protected] and we'll help you get connected.