Overview
Enable HMAC/secret validation, guard against replay, and test from vendor consoles.
Prerequisites
None.
Permissions required
Downloads & Templates
Steps (3)
-
1
Turn on signature checks
Connector → Security → **Require signed webhooks**. Set shared secret or public key and allowed clock skew (±300s).
Tips
—
Validation
—
Success criteria
—
-
2
Enable replay protection
Require nonce + timestamp; store seen nonces for 10 minutes in the gateway cache.
Tips
—
Validation
—
Success criteria
—
-
3
Send test events
Use vendor console (e.g., Twilio, Meta) to send sample events. Confirm PulseGate accepts signed payloads and rejects tampered ones.
Tips
—
Validation
—
Success criteria
- Unsigned requests return 401; signed requests are ingested and normalized.
About this guide
PulseGate centralizes business messaging for SMS and popular OTT channels including WhatsApp, Facebook Messenger, Instagram DM, and Telegram. Connect providers like Twilio or Meta Cloud API once, then send and receive through a single, normalized interface. PulseGate tracks delivery receipts, applies rate-limit aware retries, and surfaces errors with one-click safe requeue.
Admins manage connectors, numbers/senders, WhatsApp templates, and compliance (opt-in/opt-out, quiet hours). Apps such as LiveConnect and Agent Desk consume clean events and message states without worrying about vendor quirks.
Built for reliability and scale with queues, backoff, DLQs, and health dashboards.