Integration Guide
Connect Hellotik to the tools your team already uses. This guide walks through preparation, secure setup, testing, and long-term maintenance so integrations stay reliable as your workspace grows.
Step 1: Prepare credentials
Step 2: Connect and verify data flow
Step 3: Monitor health and alerts
Before you connect anything
- Define the integration owner and backup owner for operational continuity.
- Create least-privilege service accounts in third-party tools.
- Store API keys and secrets securely and rotate them on a fixed schedule.
- Document expected fields, event names, and sync frequency.
- Use a test environment first when the provider supports sandbox mode.
Standard connection flow
Follow the same setup pattern for every provider. Consistency makes audits easier and reduces onboarding time for new admins.
- Open Settings and navigate to Integrations.
- Select a provider and enter credentials or OAuth authorization.
- Map required fields and event types.
- Run a test action to validate successful sync.
- Enable production mode and set alerting thresholds.
Email providers (SMTP and inbox sync)
For Google Workspace or Microsoft 365, use app-specific credentials or OAuth app registration as recommended by the provider. Validate SPF, DKIM, and DMARC records before going live to improve deliverability and reduce spam placement.
Recommended checks
- Send and receive test messages across at least two external domains.
- Confirm tickets are created with correct sender metadata.
- Verify replies maintain threading in both systems.
Website widget integration
Install the widget snippet on every customer-facing page where support should be available. Keep environment-based keys separated so test traffic and production conversations never mix.
<script src="https://hellotik.com/widget/config" async></script>
Webhook integrations
Use signed webhook payloads and reject requests with invalid signatures. Configure retry handling with idempotency keys to avoid duplicate actions when providers resend events.
- Store raw webhook payloads for debugging and compliance.
- Process asynchronously with queue workers for better reliability.
- Return fast acknowledgements and handle business logic in jobs.
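The webhook guidance above as a minimal receiver, added here as an example and not Hellotik's own code. The HMAC-SHA256 signature over "timestamp.body", the 300-second tolerance, and the event "id" field used as the idempotency key are assumptions; use the signing format your provider documents.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # assumed replay window, not a provider value


def sign(secret: bytes, timestamp: str, raw_body: bytes) -> str:
    """Assumed scheme: hex HMAC-SHA256 over b"<timestamp>.<raw body>"."""
    msg = timestamp.encode() + b"." + raw_body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class WebhookReceiver:
    def __init__(self, secret: bytes, now=time.time):
        self.secret = secret
        self.now = now
        self.seen_ids = set()  # production: durable store with a unique key
        self.raw_log = []      # raw payloads kept for debugging and compliance
        self.queue = []        # stand-in for a job queue read by workers

    def handle(self, raw_body: bytes, signature: str, timestamp: str) -> int:
        """Return the HTTP status the endpoint would send."""
        # Verify over the exact bytes received, before any parsing,
        # using a constant-time comparison.
        expected = sign(self.secret, timestamp, raw_body)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return 401
        # A valid signature on an old timestamp is treated as a replay.
        try:
            age = abs(self.now() - int(timestamp))
        except ValueError:
            return 400
        if age > TOLERANCE_SECONDS:
            return 401
        self.raw_log.append(raw_body)
        try:
            event = json.loads(raw_body)
        except ValueError:
            return 400
        if not isinstance(event, dict) or not isinstance(event.get("id"), str):
            return 400
        # Idempotency: a resent event is acknowledged but not processed again.
        if event["id"] in self.seen_ids:
            return 200
        self.seen_ids.add(event["id"])
        self.queue.append(event)  # acknowledge fast; business logic runs in a job
        return 202
```

In a real deployment the duplicate check and the enqueue should be one atomic operation (for example a unique constraint on the event identifier) so concurrent retries cannot both pass.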
API and token strategy
Issue separate tokens for each integration to isolate scope and simplify revocation. Rotate tokens regularly and monitor usage patterns for unusual spikes that may indicate leakage.
Do
- Limit token scopes to only needed actions.
- Track which service owns each token.
- Enforce rotation every 60 to 90 days.
Avoid
- Reusing one token for multiple systems.
- Embedding secrets in frontend code.
- Ignoring failed authentication logs.
Validation checklist before launch
- Test success and failure scenarios with real sample payloads.
- Confirm data mapping, timestamps, and timezone behavior.
- Review permissions and secrets with security owners.
- Validate fallback behavior when provider APIs are unavailable.
- Create an internal runbook with escalation contacts.
Monitoring and maintenance
Review integration health daily for critical channels and weekly for non-critical automations. Watch queue depth, webhook failures, rate-limit errors, and auth expirations so you can resolve issues before customers are affected.
Troubleshooting quick reference
- 401 or 403 errors: Recheck token scope, provider app permissions, and expiration dates.
- Duplicate events: Implement idempotency keys and deduplicate by event identifier.
- Missing records: Review webhook retry policy, queue worker health, and dead-letter jobs.
- Slow sync: Check provider rate limits, batch size, and worker concurrency settings.
Need help with a custom integration?
Share your use case and our team can help you design a safe and reliable integration path for your workflow.