Integrations Overview

Splashify Pro’s integrations let any external platform (Razorpay, Stripe, Shopify, Zapier, HubSpot, etc.) fire a WhatsApp template message to your customers in response to an event — a successful payment, a new order, a dropped checkout, a ticket reply.

Every integration uses the same primitive: you paste a webhook URL into the other platform; we receive the payload; we pick a template, fill in the variables from the payload, and send.

How it works


Vendor event  →  Splashify webhook receiver  →  Template send
┌──────────┐     ┌──────────────────────┐     ┌─────────────┐
│ Razorpay │ ──▶ │ POST /webhooks/integ.│ ──▶ │ WhatsApp    │
│ payment  │     │ /{user_id}/{slug}    │     │ template to │
│ captured │     │                      │     │ customer    │
└──────────┘     └──────────────────────┘     └─────────────┘

Behind the scenes each inbound request passes through four gates:

Signature verification — for Razorpay, Stripe, Shopify, and WooCommerce we check the HMAC signature using your configured webhook_secret. Forged requests get rejected with HTTP 401. If you haven’t set a secret yet, the request is accepted but flagged as unverified in the audit log.
Idempotency — every request is identified by the vendor’s event ID (or a content hash). We insert-if-not-exists into a 7-day dedupe table. Retries of the same event return 200 {duplicate: true} without re-sending.
Event routing — for multi-event integrations (Razorpay, Stripe, Shopify, WooCommerce, Freshdesk, Calendly) we pick the template configured for that specific event type. Events you haven’t mapped are skipped silently.
Template send — we extract the recipient phone number from the configured phone_field path, resolve template variables via your variable mapping, and send via your WABA.

Every outcome — sent, duplicate, signature failed, phone missing, send failed — is captured in the audit log with the raw body, so “my webhook fired but no message went out” is always debuggable.

Core concepts

Webhook URL

Every integration has a single inbound URL of the shape:


https://apis.splashifypro.com/api/v1/webhooks/integrations/{YOUR_USER_ID}/{slug}

You’ll find the exact URL (with your user id already filled in) on each integration’s detail page in Splashify. Paste it into the vendor’s webhook configuration.

Phone field

Tells us where in the payload to find the customer’s phone number. Dot notation for nested fields:

contact — {"contact": "919876543210"} → the top-level contact string
customer.phone — {"customer": {"phone": "..."}}
billing.phone — {"billing": {"phone": "..."}}

The phone is sent as-is to Meta — it should include the country code, no + or spaces needed (we strip + automatically).

Variable mapping

For each template variable {{1}}, {{2}}, etc., you choose a payload field path. Example for a Razorpay payment success:

Template var	Field path	Example value
`{{1}}`	`amount`	`50000`
`{{2}}`	`id`	`pay_abc...`
`{{3}}`	`notes.order_id`	`ORD-123`

Fields that don’t exist on a given payload resolve to an empty string — check the audit log when your message shows up with blanks where values should be.

Multi-event automations

Some vendors fire webhooks for many event types to the same URL. For these you set up one template per event:

Vendor	Events supported
Razorpay	`payment.captured`, `payment.failed`
Stripe	`payment_intent.succeeded`, `payment_intent.payment_failed`
Shopify	`checkouts/create`, `orders/paid`, `orders/cancelled`
WooCommerce	`order.created`, `order.updated`
Freshdesk	`ticket_created`, `ticket_updated`
Calendly	`invitee.created`, `invitee.canceled`

Event types you don’t map are received but skipped — no template fires. That’s fine, just configure the ones you care about.

Audit log

Every inbound webhook writes one row to the audit log (30-day retention). View it under the integration’s Logs tab. Each row shows:

Timestamp, slug, event type, event id
Status — sent, duplicate, signature_failed, config_missing, phone_missing, send_failed
HTTP status returned to the vendor
Error message (if any)
Template name + recipient phone
Raw request body (up to 16KB) and Interakt response (up to 4KB)

If a webhook didn’t behave the way you expected, start here.

Security model

Signature verification (recommended)

Any vendor with a signing scheme — Razorpay, Stripe, Shopify, WooCommerce — should have webhook_secret set. Once set, requests missing or failing signature validation are rejected with HTTP 401 and the vendor will stop retrying forged requests.

Without a secret the URL is public and anyone who discovers it could inject fake events. The audit log flags these as unverified.

Credential storage

API keys, webhook secrets, and OAuth tokens are stored in ScyllaDB scoped to your user. They’re accessible only to the webhook receiver running under your account.

Plan limits

Some plans cap which integrations you can enable. The list of allowed slugs is surfaced on the integrations page — disallowed integrations show an Upgrade prompt instead of a Connect button.

Pick a guide

Payments: Razorpay, Stripe, PayPal, Cashfree, PayU, Xendit, Aspire
E-Commerce: Shopify, WooCommerce
Automation: Zapier, Pabbly, Make, Google Sheets
CRM: Zoho CRM, HubSpot, Salesforce, Freshworks CRM
Finance & Support: Zoho Billing, Freshdesk, Calendly
Custom: Generic Webhook — bring any platform that can fire an HTTP POST
Debugging: Troubleshooting