API

Webhooks

How Everyn sends signed run, row, export, and test events to customer endpoints.

Webhooks let Everyn notify your system when run, row, export, or test events happen. Endpoint configuration is API-managed, secrets are generated by Everyn, and delivery records stay inspectable without exposing secret material.

Webhook workflow

Create a webhook endpoint:

curl -sS -X POST "$EVERYN_BASE_URL/v1/webhook-endpoints" \
  -H "Authorization: Bearer $EVERYN_API_KEY" \
  -H "Idempotency-Key: webhook-001" \
  -H "Content-Type: application/json" \
  --data '{
    "url": "https://example.com/everyn/webhooks",
    "eventTypes": ["run.succeeded", "row.failed", "export.ready"],
    "description": "Production webhook endpoint",
    "enabled": true
  }'

Signing headers:

Everyn-Webhook-Id
Everyn-Webhook-Timestamp
Everyn-Webhook-Signature: v1=<lowercase hex hmac sha256>

The signed content is:

<timestamp>.<raw UTF-8 body>

Webhook behavior:

TopicContract
Secret visibilitysigningSecret is returned only on create or rotate-secret.
Payload shapeThin event envelope; fetch sensitive details through authenticated API routes.
Endpoint URLsPublic HTTPS URLs only; unsafe local, credentialed, fragmented, or non-default-port URLs are rejected.
Delivery inspectionUse GET /v1/webhook-deliveries and GET /v1/webhook-deliveries/{deliveryId}.
Manual testUse POST /v1/webhook-endpoints/{webhookEndpointId}/test.
Secret rotationUse POST /v1/webhook-endpoints/{webhookEndpointId}/rotate-secret.

Use the generated Webhooks API reference for endpoint details and Authentication for required scopes.