Skip to main content
This guide shows you how to receive real-time Autotask webhooks in Nango using Autotask’s REST API webhook support.

How it works

Autotask supports webhooks for various entity types (Tickets, Companies, Contacts, etc.). The flow is:
  1. You create a webhook in Autotask via the REST API, pointing to your Nango webhook URL
  2. When the watched entity changes, Autotask sends a signed POST request to Nango
  3. Nango verifies the HMAC-SHA1 signature, matches the webhook to the correct connection using the Guid field, and triggers any matching sync onWebhook handlers

Setup

1. Configure the webhook secret

In the Nango dashboard, go to your Autotask integration settings and enter the webhook secret key. This is the same SecretKey you will use when creating the webhook in Autotask. Nango uses this to verify the x-hook-signature HMAC-SHA1 signature on incoming webhooks.

2. Get your webhook URL

Copy the webhook URL from your Autotask integration page in the Nango dashboard, under the Webhook URL section.

3. Create the webhook in Autotask

Create a webhook via the Autotask REST API. Replace the placeholders: 
curl -X POST "https://webservices<ZONE>.autotask.net/atservicesrest/v1.0/TicketWebhooks" \
  -H "Username: <API_USERNAME>" \
  -H "Secret: <API_SECRET>" \
  -H "APIIntegrationcode: <INTEGRATION_CODE>" \
  -H "Content-Type: application/json" \
  -d '{
    "IsActive": true,
    "DeactivationUrl": "<NANGO_WEBHOOK_URL>",
    "IsSubscribedToCreateEvents": true,
    "IsSubscribedToUpdateEvents": true,
    "IsSubscribedToDeleteEvents": true,
    "Name": "Nango Ticket Sync",
    "SecretKey": "<YOUR_SECRET_KEY>",
    "SendThresholdExceededNotification": false,
    "WebhookUrl": "<NANGO_WEBHOOK_URL>",
    "NotificationEmailAddress": "<API_USERNAME>"
  }'
Save the itemId from the response.

4. Add a subscribed field

At least one field with IsSubscribedField: true is required to activate the webhook: 
curl -X POST "https://webservices<ZONE>.autotask.net/atservicesrest/v1.0/TicketWebhooks/<WEBHOOK_ID>/Fields" \
  -H "Username: <API_USERNAME>" \
  -H "Secret: <API_SECRET>" \
  -H "APIIntegrationcode: <INTEGRATION_CODE>" \
  -H "Content-Type: application/json" \
  -d '{
    "FieldID": 2,
    "IsDisplayAlwaysField": false,
    "IsSubscribedField": true,
    "WebhookID": <WEBHOOK_ID>
  }'

5. Verify the webhook is ready

curl -X GET "https://webservices<ZONE>.autotask.net/atservicesrest/v1.0/TicketWebhooks/<WEBHOOK_ID>" \
  -H "Username: <API_USERNAME>" \
  -H "Secret: <API_SECRET>" \
  -H "APIIntegrationcode: <INTEGRATION_CODE>" | jq '.item | {name, isActive, isReady, webhookGUID}'
Should show isActive: true and isReady: true.

6. Set the webhook GUID on the connection

Each Autotask webhook has a unique Guid. Nango uses this to route webhooks to the correct connection. Use the webhookGUID value from step 5 to set the webhookGuid in the connection’s connectionConfig: 
curl -X PATCH "https://api.nango.dev/connection/<CONNECTION_ID>/config" \
  -H "Authorization: Bearer <NANGO_SECRET_KEY>" \
  -H "Provider-Config-Key: autotask" \
  -H "Content-Type: application/json" \
  -d '{"webhookGuid": "<AUTOTASK_WEBHOOK_GUID>"}'

Webhook payload

When a ticket event occurs, Autotask sends: 
{
    "Action": "Create",
    "Guid": "a1da62a4-2c49-40a8-8183-69994ce5b3eb",
    "EntityType": "Ticket",
    "Id": 351181,
    "Fields": {
        "TicketNumber": "T20250915.0001"
    },
    "EventTime": "2025-09-15T14:57:50Z",
    "SequenceNumber": 1,
    "PersonId": 30691780
}
FieldDescription
ActionCreate, Update, or Delete
GuidUnique webhook identifier (used for connection matching)
EntityTypeEntity type, e.g. Ticket (used for subscription matching)
IdThe entity ID
FieldsSubscribed fields and their values

Connection matching

Nango matches incoming webhooks to connections using the Guid field from the payload against the webhookGuid stored in the connection’s connectionConfig.
If the connection’s connectionConfig does not have a webhookGuid set, or if it doesn’t match the payload’s Guid, the webhook will not be routed to that connection.

Signature verification

Autotask signs webhook payloads using HMAC-SHA1 with the SecretKey configured on the webhook. The signature is sent in the x-hook-signature header as sha1=<base64-encoded-hash>. Nango verifies this signature using the webhook secret configured in the integration settings. See: Autotask Secret Key and Payload Verification
Need help getting started? Get help in the community.