Webhooks overview
A webhook is a URL that an external provider calls when something happens — a new Slack message, an inbound WhatsApp text, a phone call. TeamMate generates a webhook URL for each channel you connect on an agent, and the provider posts inbound events to it. The agent then replies on the same channel.
These webhooks are inbound channel callbacks, separate from the TeamMate public REST API (which lives at https://tmmate.ai/api/v1). You don’t call these URLs yourself; you paste them into the provider’s configuration.
Where webhook URLs come from
Each channel’s setup dialog in the Channels tab shows the URL to copy. The URLs are scoped to a single agent by its agent ID.
| Channel | Webhook URL pattern |
|---|---|
| Slack (events) | https://tmmate.ai/api/webhook/slack/events/<agentId> |
| Slack (interactivity) | https://tmmate.ai/api/webhook/slack/interactive/<agentId> |
| Microsoft Teams | https://tmmate.ai/api/webhook/teams/<agentId> |
| Telegram | https://tmmate.ai/api/webhook/telegram/<agentId> (registered automatically) |
| WhatsApp Business | https://tmmate.ai/api/webhook/whatsapp/<agentId> |
| Twilio WhatsApp | https://tmmate.ai/api/webhook/twilio/whatsapp/<agentId> |
| Twilio WhatsApp (status) | https://tmmate.ai/api/webhook/twilio/status/<agentId> |
| Twilio Voice | https://tmmate.ai/api/webhook/twilio/voice/<agentId> |
| Twilio Voice (status) | https://tmmate.ai/api/webhook/twilio/voice/<agentId>/status |
| Vapi (custom LLM) | https://tmmate.ai/api/webhook/vapi/<agentId>/chat/completions |
| Vapi (events) | https://tmmate.ai/api/webhook/vapi/<agentId> |
| Agent email | https://tmmate.ai/api/webhook/agent-mail (shared; routed by the recipient address) |
How verification differs by provider
Providers verify webhook calls in different ways, and TeamMate stores whatever each one needs:
- Slack signs requests with the signing secret you enter.
- WhatsApp Business uses a Verify Token during the one-time URL handshake with Meta.
- Telegram can use an optional webhook secret you set.
- Microsoft Teams authenticates via the Azure Bot App ID + App Password.
- Agent email validates the recipient address and the sender’s allowed-senders entry before processing.
Reliability
Inbound events are accepted quickly and processed in the background, so a slow agent response never blocks the provider. Email, for example, is queued for durable processing and retried on failure.