Verifying webhook

Hello I am trying to verify my webhook but on my production instance of Keap I am not getting a header with the X-hook-secret.

This is after I initiate a /hooks/{key}/verify.

The message I get to my end point is {“event_key”: ‘contact.edit’, verification_key: xxxxxxx}

I tried using verification_key like using the delayed verification end point, but I get a server error.

The process worked on my test instance of Keap and I was able to extract thge X-hooks-secret from the header and return, but it does not seem to be working now.

Hello Wil_Ho1,

What you are passing for the {key}? Just to clarify, this is the id number aka key field found in the response when creating or listing hooks:

List Hooks:


There are a number of free test post recipient services you can use to validate what is being sent out to the hookUrl. I tried out and was able to take a look at the data being received.

I realize this doesn’t necessarily answer why you were experiencing an issue, but am hopeful the above info and tool suggestion will help you track down where the problem is occurring. Please let me know if you have any additional questions!

What was received @ the hookUrl:

You have to send the verify key back to Keap when it’s getting verified. Try putting the code below ABOVE anything else in your PHP code (index.php).

 * IMPORTANT!  The following code MUST be at the top and at code root level
 * before namespacing or any other code.  While it is not necessary to keep
 * this code it is necessary that it is present whenever endpoint validation
 * is registered as this is how Infusionsoft confirms the endpoint as valid.
$headers = array();
foreach ($_SERVER as $key => $value) {
    if (substr($key, 0, 5) <> 'HTTP_') {
    $header           = str_replace(' ', '-', ucwords(str_replace('_', ' ', strtolower(substr($key, 5)))));
    $headers[$header] = $value;
$notification = json_decode(file_get_contents('php://input'));
if (isset($headers['X-Hook-Secret'])){header('X-Hook-Secret: ' .
    $headers['X-Hook-Secret'] . '');}
 * End required code root