Docs
← Back to site

Webhook Support

2 min readUpdated June 20, 2026

In addition to the built-in CRM and ESP integrations, WP Smart Consent can fire outbound webhooks on every opt-in event. This lets you connect to any service that accepts an incoming HTTP POST request — useful for platforms not covered by the built-in integrations, or for routing opt-ins through an automation tool like Zapier, Make, or n8n.

Multiple Webhooks

WP Smart Consent supports unlimited webhook endpoints. Each webhook is independent and has its own configuration — you can send different subsets of data to different services simultaneously, all from a single opt-in event.

Setting Up a Webhook

In the WP Smart Consent dashboard, go to the Webhooks tab and click Add webhook. Each webhook has:

Name — a label for your own reference, shown in the webhook list.

URL — the endpoint that receives the POST request. This can be a direct service URL or an automation platform webhook trigger.

Secret key — optional. If provided, WP Smart Consent sends an X-WPSC-Signature HMAC header with the request so the receiving service can verify the payload is authentic.

Enabled toggle — lets you disable a webhook without deleting it.

Field map — controls exactly which fields are included in the JSON payload and what they’re named. By default the map includes email, first name, and last name. You can add or remove fields and rename the JSON keys to match what your receiving service expects. Available fields are email, first name, last name, phone, company, country, order total, and source URL.

The Data Payload

WP Smart Consent sends a POST request with a Content-Type: application/json header. The body is a JSON object containing whichever fields you’ve enabled in that webhook’s field map. A typical payload looks like:

json

{
  "email": "jane@example.com",
  "first_name": "Jane",
  "last_name": "Smith",
  "phone": "+1 555 000 0000",
  "country": "US",
  "order_total": "49.00"
}

HMAC Signature Verification

If you’ve set a secret key on a webhook, every request will include an X-WPSC-Signature header containing an HMAC-SHA256 hash of the raw JSON body signed with your secret. On the receiving end you can verify the signature to confirm the request came from your WordPress site and the payload was not tampered with.

Using Webhooks With Automation Platforms

Point the webhook URL at a Zapier, Make, or n8n incoming webhook trigger. From there you can map the fields to any action your automation platform supports — giving you access to hundreds of additional destinations beyond WP Smart Consent’s built-in integrations. Because you can add multiple webhooks, you can send to several automation platforms in parallel without needing to fan out from a single trigger.

This website uses cookies to enhance your browsing experience and ensure the site functions properly. By continuing to use this site, you acknowledge and accept our use of cookies.

Accept All Accept Required Only