WarmblyDocs

Integrations

Connect third-party tools over OAuth and send data out via webhooks.

Integrations connect Warmbly to the rest of your stack. When something happens in Warmbly, a reply lands, a meeting is booked, an email bounces, an integration can push that data into your CRM, ping a channel, or hand it off to an automation tool.

The Integrations page is a searchable directory grouped by category, with a rail of your existing connections across the top. Connection state stays live, so a connection that needs reconnecting shows up without a manual refresh.

How connecting works

Warmbly prefers a one-click OAuth connect wherever the provider supports it. With OAuth there are no API keys to copy and paste: you authorize Warmbly in the provider's own consent screen, and Warmbly stores the resulting tokens for you.

There are three connect styles, shown on each catalog card:

  • one-click (OAuth): you click Connect, authorize in the provider, and come back connected. This is the path for HubSpot, Salesforce, Pipedrive, and Slack.
  • api_key: you paste a key the provider gives you. This is used where the provider does not offer an OAuth app (for example, Close).
  • webhook: Warmbly mints an inbound URL for you to paste into the provider (Calendly and Cal.com), or you paste a channel webhook URL (Discord).

OAuth providers cannot be connected with a pasted key

For an OAuth provider you must start the authorize flow. Pasting credentials for that provider is rejected so a token is never stored the wrong way. If a connected token later expires or is revoked, the connection moves to a "reconnect required" state and you reauthorize with one click.

Where your credentials live

Every secret value, OAuth tokens and any pasted key or webhook URL, is sealed with envelope encryption (using the connecting user's key) before it touches the database. Only non-secret display details (an account name, a workspace, a Salesforce instance host) are stored in the clear so the dashboard can label the connection.

Supported providers

ProviderCategoryConnectWhat it does
HubSpotCRMone-click OAuthCreate or update a contact and log the reply as a note
SalesforceCRMone-click OAuthUpsert a contact on reply or on demand
PipedriveCRMone-click OAuthUpsert a person on reply or on demand
CloseCRMAPI keyUpsert a lead on reply or on demand
ZapierAutomationWarmbly API keyFan events to a Zap webhook URL
MakeAutomationWarmbly API keyFan events to a Make webhook URL
n8nAutomationWarmbly API keyFan events to an n8n webhook URL
SlackNotificationsone-click OAuthPing a channel on reply, bounce, or deliverability dips
DiscordNotificationswebhook URLPing a server channel on reply, bounce, or warmup health
CalendlyMeetingsminted inbound URLTrack booked, rescheduled, and canceled calls
Cal.comMeetingsminted inbound URLOpen-source booking, same live meeting tracking

Automation tools connect with a Warmbly API key, not a stored secret

Zapier, Make, and n8n connect in one click with no credential stored on the integration. Warmbly sends events out to the webhook URL you configure in those tools. When one of those tools needs to call back into Warmbly, it authenticates with a scoped API key you create on the API keys page.

Field mappings (CRM)

For CRM integrations, a field mapping decides how a Warmbly contact projects onto the provider's fields. Each connection has a sensible default map out of the box, so an unconfigured CRM connection behaves exactly as you would expect:

  • HubSpot maps email, first_name, last_name, company, phone onto email, firstname, lastname, company, phone.
  • Salesforce maps onto Email, FirstName, LastName, Phone.
  • Pipedrive maps onto name, email, phone (a person).
  • Close maps onto name, email, phone, company (a lead).

You can override the default map per connection. A mapping row pairs a Warmbly source field with the destination field name, and can apply a simple transform (uppercase, lowercase, trim) or write a fixed static value. Custom contact fields are addressed as custom:your_key.

Blank values are not written

Empty values are dropped before the upsert, so a missing first name never overwrites an existing one in your CRM with a blank.

A few rules worth knowing:

  • Mappings resolve in order of specificity: provider defaults first, then your connection default map, then any per-automation overrides. The most specific value for a given destination field wins.
  • A static value can include event variables. For example a static company source written as {{.company}} is filled from the event data. See Personalization & expressions for the full variable list.

Webhook delivery

When you connect an automation tool (Zapier, Make, n8n) or a generic webhook target, Warmbly delivers events as signed HTTP POSTs to the URL you configure. The delivery is built to be safe and verifiable.

HMAC-signed

Each outbound delivery carries an HMAC-SHA256 signature so the receiver can confirm it really came from Warmbly and was not tampered with. Open the connection's settings to reveal its signing secret (a whsec_-prefixed key, generated on first request). Configure that secret on your end and verify the signature header on every request. The signed body includes a stable delivery id, the event type, a version, a timestamp, and the full event data.

HTTPS and SSRF-guarded

Any URL you give Warmbly to POST to is validated before it is stored, using the same policy as customer webhooks:

  • the scheme must be https
  • the host must be publicly routable (no localhost, no loopback, no private or link-local addresses)

This guards against requests being aimed at internal services. Only development or self-hosted setups can opt into unsafe URLs by setting WARMBLY_ALLOW_UNSAFE_WEBHOOK_URLS=true, which then also permits http and private hosts.

Send a test event

After adding a notification or generic-webhook automation, use Send test event to fire a synthetic payload through the real delivery path. It is signed exactly like production, so you can verify your signature check before relying on it. CRM upsert actions are skipped during a test, so a test never writes a junk record into your CRM.

Inbound webhooks (meetings)

Calendly and Cal.com work the other way around: they call into Warmbly. When you connect one, Warmbly mints an inbound URL for you to paste into the provider's webhook subscription. Booked, rescheduled, and canceled calls then land on the contact timeline and the Meetings page in real time. You can rotate the inbound URL secret from the connection settings if it is ever exposed.

How integrations feed automations

Integrations are most useful as the actions at the end of an automation. An automation is a flow that starts with a trigger event and runs one or more action steps. Your connected integrations are what those steps act on:

  • post to a Slack channel or a Discord channel
  • upsert a contact, person, or lead in your CRM
  • fan the event out to Zapier, Make, n8n, or any signed webhook target

When a Warmbly event fires, it is delivered to every matching automation. Actions run in the background, so a slow or failing third party never blocks the event that triggered it. Failures are recorded against the connection's health and visible in its recent activity, rather than being retried forever or silently lost.

The most actionable events are offered as triggers and actions:

  • reply received (with the reply intent)
  • email bounced
  • unsubscribed
  • meeting booked, rescheduled, or canceled
  • warmup health changed
  • deliverability complaint

You can also filter when an action runs. A common pattern is to only notify or push to a CRM on a positive reply, or only above a minimum classifier confidence. A reply event also informs the deliverability signals Warmbly tracks per mailbox.

Push contacts on demand

Beyond event-driven flows, you can push a batch of contacts into a connected CRM on demand from the dashboard. Each record reports its own result, so you can see exactly what synced.

Next steps

On this page