Customize webhooks

You can manage webhooks tokens by clicking on “webhooks” when managing the settings of a workspace.

Paid feature

This feature is only available for paid workspaces and one of the few functionalities that are not available in the tutorial workspace.

You can create webhook by entering an URL. This will create a webhook and cause many events to be send to that URL. You can have as many webhooks as you want.

The destination URL has the following requirements:

• The scheme must be https
• The destination must be a valid hostname
• The destination can’t be root domain
• The destination must accept POST-methods

In addition the destination must return a 200 as soon as possible. If not the following errors can occur:

• Illegal: The URL is considered illegal and can’t be used.
• Timeout: When it takes too much time to deliver a message
• 4xx: When the server responds with a HTTP status 4xx
• 5xx: When the server responds with a HTTP status 5xx.
• Unreachable: When the server couldn’t be reached. Most likely a DNS issue.
• Error: Any other error.

Our server will not read or parse any response. Only the status code is checked.

The success or failure of sending a webhook is logged and used to determine if the webhook should be penalized if too many error have been detected in a row.

Errors detected	Penalty
<=5	No penalty
5-10	1 second
11-30	2 seconds
31-60	5 seconds
61-120	1 minute
121-150	1 hour
>150	Disable the webhook

You can always skip and re-enable the webhook.

To help you improve the security every message is send with an X-webhook-signature HTTP header that can be used to verify the origin of the message. On the details page you can find the key that was used to sign the message.

Implementing this check is highly recommend since otherwise anyone can fake the message.