Back to Documentation
Integrations Guide
Technical documentation for setting up webhooks and integrating MockReview with your workflow
Table of Contents
1. Overview
MockReview webhooks allow you to receive real-time notifications about events in your projects. Connect to Slack, Discord, JIRA, or build custom integrations with your own systems.
Note: Webhooks are available on Solo+ and Team plans. JIRA integration requires Team or Enterprise plan.
2. JIRA Integration
Automatically sync design review updates to your JIRA issues. When files are approved, rejected, or commented on, MockReview posts formatted comments directly to linked JIRA issues.
📋
Team & Enterprise Feature
JIRA integration is available on Team and Enterprise plans with advanced webhook formatting, automatic linking, and template variables.
View Complete JIRA Setup GuideQuick Start
- Create a JIRA API token at Atlassian Account Security
- In MockReview, go to Settings → Webhooks
- Create a new webhook and select "JIRA" platform
- Enter your JIRA API URL (e.g.,
https://yoursite.atlassian.net/rest/api/3/issue/PROJECT-123/comment) - Add Authorization header with Base64-encoded credentials
- Enable "Format for JIRA" to use Atlassian Document Format
💡 Pro Tip: Use the template variable {{jiraIssueKey}} in your webhook URL to automatically post to the correct JIRA issue for each review. Learn more
3. Slack Setup
Step 1: Create Incoming Webhook
- Go to https://api.slack.com/apps
- Click "Create New App" → "From scratch"
- Name your app "MockReview" and select your workspace
- Navigate to "Incoming Webhooks" and activate
- Click "Add New Webhook to Workspace"
- Select the channel to post to (e.g., #design-reviews)
- Copy the generated webhook URL (starts with https://hooks.slack.com/services/...)
Step 2: Add to MockReview
- In MockReview, go to Settings → Integrations
- Click "Create Webhook"
- Select "Slack" as platform
- Paste your webhook URL
- Give it a name (e.g., "#design-reviews")
- Select the events you want to receive
- Click "Test" to verify, then "Save"
Example Slack Message:
🎨 Review Requested: Homepage Redesign Project: Mobile App Q4 View Review → [Link] 3 files • 2 reviewers invited
4. Discord Setup
Step 1: Create Discord Webhook
- Open Discord and navigate to your server
- Right-click the channel where you want notifications
- Click "Edit Channel" → "Integrations"
- Click "Create Webhook"
- Customize the name and avatar (optional)
- Click "Copy Webhook URL"
Step 2: Add to MockReview
- In MockReview, go to Settings → Integrations
- Click "Create Webhook"
- Select "Discord" as platform
- Paste your webhook URL
- Give it a name (e.g., "Design Reviews Channel")
- Select the events you want to receive
- Click "Test" to verify, then "Save"
Example Discord Embed:
┌───────────────────────────────────── │ 💬 Comment Added │ Project: Mobile App Q4 │ Review: Homepage Redesign │ File: hero-section.png │ │ "The call-to-action button needs │ more contrast" │ - john@example.com │ │ [View Comment] └─────────────────────────────────────
5. Custom Webhooks
Custom webhooks allow you to integrate MockReview with any system that can receive HTTP POST requests.
Requirements
- HTTPS endpoint (HTTP not supported for security)
- Must accept POST requests with JSON body
- Should respond with 2xx status code
- Timeout: 10 seconds
Setup
- Create an HTTPS endpoint in your application
- In MockReview, go to Settings → Integrations
- Click "Create Webhook"
- Select "Custom" as platform
- Enter your endpoint URL
- Optional: Provide a signing secret for HMAC verification
- Select events and save
5.1 HMAC Signature Verification
For security, custom webhooks include an HMAC signature in the X-MockReview-Signature header.
Node.js Example:
const crypto = require('crypto');
function verifyWebhook(req, secret) {
const signature = req.headers['x-mockreview-signature'];
const body = JSON.stringify(req.body);
const hmac = crypto
.createHmac('sha256', secret)
.update(body)
.digest('hex');
return signature === hmac;
}
// Express.js example
app.post('/webhooks/mockreview', (req, res) => {
if (!verifyWebhook(req, 'your-secret-here')) {
return res.status(401).send('Invalid signature');
}
const event = req.body;
console.log('Received:', event.eventType);
res.status(200).send('OK');
});Python Example:
import hmac
import hashlib
from flask import Flask, request
app = Flask(__name__)
@app.route('/webhooks/mockreview', methods=['POST'])
def webhook():
signature = request.headers.get('X-MockReview-Signature')
body = request.get_data()
secret = 'your-secret-here'
expected = hmac.new(
secret.encode(),
body,
hashlib.sha256
).hexdigest()
if signature != expected:
return 'Invalid signature', 401
event = request.get_json()
print(f"Received: {event['eventType']}")
return 'OK', 2006. Webhook Events
| Event | Description | When Triggered |
|---|---|---|
| REVIEW_REQUESTED | New review request created | User creates a review request and invites reviewers |
| COMMENT_ADDED | Comment/annotation added | Someone adds a comment to a file |
| FILE_APPROVED | File approved by reviewer | Reviewer clicks "Approve" on a file |
| FILE_REJECTED | File rejected by reviewer | Reviewer clicks "Reject" on a file |
| ALL_FILES_APPROVED | All files fully approved | Every file reaches required approvals |
| REVIEW_COMPLETED | Review request complete | All reviewers approve all files |
| REVIEWER_INVITED | Reviewer added to request | New reviewer invited to review |
| APPROVAL_RESET | File approval status reset | Owner resets file to request new reviews |
7. Payload Examples
Slack Payload (REVIEW_REQUESTED):
{
"attachments": [
{
"color": "#4299e1",
"title": "🎨 Review Requested: Homepage Redesign",
"title_link": "https://mockreview.com/projects/123/review-requests/456",
"fields": [
{
"title": "Project",
"value": "Mobile App Q4",
"short": true
},
{
"title": "Reviewers",
"value": "john@example.com, sarah@example.com",
"short": true
},
{
"title": "Files",
"value": "3 files uploaded",
"short": true
}
],
"footer": "MockReview",
"ts": 1729468800
}
]
}Note: All payloads include a timestamp field and event-specific data. The exact structure varies by event type. Test your webhook to see the full payload for each event.
8. Security Best Practices
- Always use HTTPS: Never expose webhook endpoints over plain HTTP
- Verify signatures: For custom webhooks, always validate the HMAC signature
- Use strong secrets: Generate random, long signing secrets (32+ characters)
- Validate payload: Check that received data matches expected structure
- Rate limiting: Implement rate limiting on your webhook endpoint
- Rotate secrets: Periodically update your webhook signing secrets
- Monitor failures: Track failed deliveries and investigate anomalies
- Keep URLs private: Don't share webhook URLs publicly or commit to version control
9. Troubleshooting
Webhook not delivering
- Use the "Test" button in MockReview to verify connectivity
- Check that your endpoint is publicly accessible via HTTPS
- Verify your server is responding with 2xx status codes
- Check server logs for errors or timeout issues
- Ensure firewall/security groups allow incoming connections
Slack messages not appearing
- Verify webhook URL is still valid (URLs can expire)
- Check you selected the correct channel when creating the webhook
- Regenerate webhook in Slack if URL is old
- Ensure the MockReview app has permission to post
Discord embeds not showing
- Confirm webhook URL is correct and not deleted in Discord
- Check channel permissions allow webhook posting
- Verify embeds are enabled in user settings (User Settings → Text & Images → Show embeds)
Signature verification failing
- Ensure you're using the exact secret from MockReview settings
- Hash the raw request body before JSON parsing
- Check character encoding (should be UTF-8)
- Verify you're using HMAC SHA-256 algorithm
- Compare signatures as strings, not hex vs base64
Still having issues? Check the webhook delivery history in MockReview settings for error messages, or contact support with your webhook ID.