Skip to main content
Webhooks let NearIQ push event data to a URL you control the moment something happens — no polling required. Use them to pipe competitor alerts into your CRM, trigger Zapier workflows, update a Slack bot, or feed a custom analytics pipeline. Each registered endpoint receives a POST request with a signed JSON payload whenever one of the subscribed events fires.

Register an endpoint

Via the dashboard

1

Open webhook settings

Go to Settings → Notifications → Channels & webhooks. Scroll to the Webhooks section.
2

Add an endpoint

Click Add endpoint, enter your HTTPS URL, and choose the events you want to subscribe to.
3

Save the secret

After you save, NearIQ shows your webhook secret once. Copy it immediately — it will not be displayed again. You use it to verify incoming request signatures.

Via the API

You can also register endpoints programmatically with the REST API. 
curl -X POST https://neariq.io/api/v1/webhooks \
  -H "X-NearIQ-Key: niq_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://yoursite.com/hooks/neariq","events":["competitor.rating_change","alert.created"]}'
Store the secret value securely (for example, in an environment variable). NearIQ does not expose it again after creation. If you lose it, delete the endpoint and create a new one.

Supported events

EventFires when
competitor.rating_changeA tracked competitor’s Google rating changes
competitor.review_surgeA competitor receives an unusual spike in reviews
competitor.hours_changeA competitor updates hours, services, price, or category
competitor.website_changeA competitor’s website URL or content changes
competitor.new_competitorA competitor closes, reopens, or changes status
business.rating_changeYour own Google rating changes
business.review_surgeYour listing receives an unusual review surge
alert.createdAny alert is created — a catch-all for all event types
Subscribe to alert.created if you want a single endpoint to receive every alert regardless of type. Use granular event names when you need different endpoints for different event categories.

Verifying webhook signatures

Every delivery includes an X-NearIQ-Signature header containing an HMAC-SHA256 digest of the raw request body, prefixed with sha256=. Use your webhook secret (beginning with whsec_) to recompute the expected signature and compare it to the one in the header. Always verify signatures before processing a payload. This confirms the request originated from NearIQ and the body has not been tampered with. 
const crypto = require('crypto')

function verifySignature(payload, signature, secret) {
  const expected = 'sha256=' + crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex')
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  )
}

// Express example
app.post('/hooks/neariq', express.raw({ type: 'application/json' }), (req, res) => {
  const sig = req.headers['x-neariq-signature']
  const secret = process.env.NEARIQ_WEBHOOK_SECRET

  if (!verifySignature(req.body, sig, secret)) {
    return res.status(401).send('Invalid signature')
  }

  const event = req.headers['x-neariq-event']
  const payload = JSON.parse(req.body)
  // Handle payload...
  res.sendStatus(200)
})
Pass the raw request body (before JSON parsing) to the verification function. Parsing and re-serializing the body can change whitespace and invalidate the signature.

Request headers

Every webhook delivery includes these headers:
HeaderValue
X-NearIQ-Signaturesha256=<hmac-sha256 of raw body>
X-NearIQ-EventThe event name, e.g. competitor.rating_change
Content-Typeapplication/json

Managing endpoints

Use the REST API to list, update, or delete your registered endpoints. 
curl https://neariq.io/api/v1/webhooks \
  -H "X-NearIQ-Key: niq_live_YOUR_KEY"

Limits

  • You can register up to 10 webhook endpoints per account.
  • NearIQ retries failed deliveries (non-2xx responses or timeouts) with exponential backoff.
  • Your endpoint should return a 2xx response within 10 seconds to be considered successful.