ReviewNudger API

Last updated: July 5, 2026

The ReviewNudger™ API lets any system that can send an HTTPS request trigger an automatic Google review request: automation platforms like Make.com, Integrately, and n8n, internal tools, or your own code. All endpoints are served from https://www.reviewnudger.com over HTTPS with JSON request bodies. Questions: support@reviewnudger.com.

Every event you send is recorded and visible in your dashboard — including suppressed or failed requests with their reason — so an automation that stops working is never a silent failure.

Authentication: API key

Requests authenticate with your account's webhook API key, a value starting with rndg_ct_. The account owner creates and rotates it in the dashboard under Settings → Connected apps → Direct webhook key; it is shown once at creation, so store it in a secret manager. Send it on every request:

Authorization: Bearer rndg_ct_...

Because the key is verified against the account named in the request body, API-key requests must include accountId (and locationId for multi-location accounts) as documented below. Rotating the key invalidates the previous value immediately.

Platform partners that connect many users — like the ReviewNudger Zapier integration — use OAuth 2.0 instead, which also unlocks the create-contact action and read feeds. That flow is documented at /docs/zapier-api.

POST /webhook/custom — create a review request

Records a completed payment or job and, subject to the location's automation settings, creates and schedules one review request for the customer. Send Content-Type: application/json. With API-key authentication the supported eventType is payment_completed; other event types are acknowledged with HTTP 200 and ignored. (The customer_created contact action is available on the OAuth path.)

Account and location fields

FieldTypeRequiredDescription
accountIdstringYesYour ReviewNudger account ID (UUID). Shown next to the webhook key in Settings.
locationIdstringSingle location: noThe business location the review request belongs to. Optional only when the account has exactly one location; required for multi-location accounts.

Event fields

FieldTypeRequiredDescription
eventTypestringYesMust be payment_completed.
receiptIdstringYesStable unique ID for the source event (for example the payment or order ID). This is the idempotency key: replays with the same receiptId do not create duplicates.
occurredAtstringYesISO-8601 timestamp of when the payment or transaction completed.
paymentIdstringYesThe payment, order, job, or transaction ID from the source system.
amountstring or numberYesTransaction amount as a non-negative decimal with at most 2 fraction digits, for example 125.50.
currencystringYesThree-letter ISO currency code, for example USD.
customerEmailstringOne of email/phoneCustomer email address. At least one of customerEmail or customerPhone is required.
customerPhonestringOne of email/phoneCustomer phone number. At least one of customerEmail or customerPhone is required.
customerNamestringNoCustomer full name.
customerFirstNamestringNoCustomer first name, if the source system provides it separately.
customerLastNamestringNoCustomer last name, if the source system provides it separately.
metadataobjectNoOptional JSON object with key-value pairs stored for troubleshooting.

Example

curl -X POST https://www.reviewnudger.com/webhook/custom \
  -H "Authorization: Bearer rndg_ct_..." \
  -H "Content-Type: application/json" \
  -d '{
    "accountId": "<your account UUID>",
    "eventType": "payment_completed",
    "receiptId": "invoice-10394",
    "occurredAt": "2026-07-05T14:00:00Z",
    "paymentId": "invoice-10394",
    "amount": 125.50,
    "currency": "USD",
    "customerEmail": "customer@example.com",
    "customerName": "Jordan Lee"
  }'

HTTP/1.1 200 OK

OK

Idempotency and retries

  • receiptId is the idempotency key, scoped per account. Use a stable ID from the source system (invoice ID, payment ID, booking ID) and reuse it on every retry of the same event.
  • Replaying a request that was already processed returns HTTP 200 without creating anything new. One event creates at most one review request, enforced by a unique constraint on the normalized event.
  • After an HTTP 500, retry with the same receiptId: the retry resumes processing of the original event and cannot double-send.
  • Your per-location send delay, cooldown, and opt-out settings apply to every request, no matter which system sent the event.

Errors

The webhook endpoint returns plain-text error bodies. Responses include an X-RN-Auth-Method header identifying how the request was authenticated.

StatusMeaning
HTTP 400Validation failure. The plain-text body names the field, for example "occurredAt must be a valid ISO-8601 timestamp." Do not retry without fixing the payload.
HTTP 401Missing or invalid API key, or the key does not belong to the accountId in the body. Check the key and accountId in Settings.
HTTP 500Processing failure on our side. Safe to retry with the same receiptId; the replay collapses onto the original event.

Platform guides