All systems operational

Webhook Architecture

APIAvailable

Outbound webhooks let an organization receive HMAC-signed event notifications at its own endpoints, with retry, backoff, and a dead-letter state. The platform also receives inbound webhooks from Stripe, Twilio, and WhatsApp.

#Purpose

Document how events are delivered outbound and how inbound webhooks are handled.

#Architecture

Organizations register endpoint URLs (with a signing secret and a list of subscribed event types). A dispatch job reads the platform's event stream per organization from a cursor and enqueues a delivery for each (endpoint, event) whose type is subscribed; deliveries are idempotent per (endpoint, event).

Each delivery payload is signed with HMAC-SHA256; the signature is sent as a sha256=… value. Deliveries retry with exponential backoff and end in a terminal dead-letter state if they keep failing.

Inbound webhooks are handled for Stripe billing (verified with the Stripe webhook secret) and for Twilio/WhatsApp in the sales flows.

1
Event written
To the event stream.
2
Dispatch job
Reads new events per org.
3
Sign & deliver
HMAC sha256=, per endpoint.
4
Retry/dead-letter
Backoff, then terminal.

#How it works

1

Register endpoint

An org (webhooks:manage) adds a URL, secret, and subscribed events.
2

Fan-out

The dispatch job enqueues deliveries for matching new events.
3

Sign & send

Each payload is HMAC-signed and POSTed to the endpoint.
4

Verify at receiver

The receiver recomputes the HMAC over the body to verify authenticity.

#Reference

#Subscribable event types

EventMeaning
lead_won / lead_lostA lead was won or lost
proposal_acceptedA proposal was accepted
meeting.bookedA meeting was booked
invoice.paidAn invoice was paid
payment_failedA payment failed
project.completed / task.completedDelivery milestones
client.createdA client was created
billing.suspendedBilling was suspended
survey.submittedA survey was submitted
Signature header (concept)
X-Signature: sha256=<hmac_sha256(secret, body)>

#Implementation notes

  • Deliveries are idempotent via a unique (endpoint, event) constraint.
  • A per-org cursor tracks progress over the event stream.
  • Managing endpoints requires the webhooks:manage scope or admin access.

#Limitations

Known limitations

  • Outbound events are limited to the defined event-type list.
  • Delivery is at-least-once with retries; receivers must be idempotent.

#Security considerations

Security

  • Always verify the HMAC signature before trusting a payload.
  • Keep the endpoint secret confidential.
  • Return quickly and process asynchronously to avoid retries from timeouts.

#Best practices

  • Verify signatures and treat delivery as at-least-once.
  • Subscribe only to needed events.
  • Monitor for dead-lettered deliveries.

Still need help?

Can’t find what you’re looking for? The DevSphere OS team is happy to help.