Partner Inbound Webhooks

Register these NowBookIt-hosted endpoints as webhook targets in your POS or system. NowBookIt processes each event to sync bookings and sales. All routes follow:

[BASE_URL]/partners/{partnerName}/{endpoint}

Endpoints

Endpoint	Purpose
`POST partners/{partnerName}/webhooks/callback/{eventType}`	Generic event callback
`POST Sales/partners/{partnerName}/events/{eventType}`	Sales and booking events
`POST partners/{partnerName}/giftcards/redeem`	Gift card redemption
`POST partners/{partnerName}/giftcards/balance`	Gift card balance check

Authentication

These endpoints use HMAC signature authentication — not X-API-KEY. At onboarding you receive:

A signature header name (e.g. X-Partner-Signature)
A shared secret to compute the HMAC over request body + URL

Requests missing or with invalid signatures are rejected with 400 Bad Request.

Do not use X-API-KEY for partner inbound webhooks. HMAC signing is required.

Outbound Webhooks Webhook Security

⌘I

​Endpoints

​Authentication

Endpoints

Authentication