Studio site webhooks (outbound)
The implemented Studio outbound delivery publishes a form submission to active site webhook targets registered for form.submitted.
Payload
{ "event": "form.submitted", "siteId": "<site UUID>", "formId": "<form UUID>", "submissionId": "<submission UUID>", "createdAt": "2026-07-10T12:00:00Z", "contactId": "<optional contact UUID>", "data": { "email": "alex@example.com" }}The payload does not use the AuditCore envelope and does not include an attempt number. Use X-InBlack-Delivery-ID to correlate transport attempts for one delivery.
Register a target
In Studio, open a site’s Webhooks page and provide:
- Event: choose
form.submittedfor an implemented delivery. - URL: a resolvable public HTTP(S) endpoint.
- Optional signing secret.
- Active or inactive state.
The page can create/update, enable/disable, delete, refresh, and show delivery status. It does not have a test-send or manual-redelivery control.
The MCP catalog exposes inblack_configure_studio_form_webhook for a form-level webhook configuration. It does not expose generic site-webhook create/list/delete tools.
Delivery behavior
Studio makes at most three attempts. It retries transport errors, 408, 429, and 5xx; it does not retry other 4xx. Backoff is 1 second after the first failure and 2 seconds after the second. Each request has a 10-second timeout and redirects are rejected.
Return a 2xx quickly, then process asynchronously. Make handling idempotent using the delivery or submission identifier because a retry repeats the same payload.
If a signing secret is configured, verify X-InBlack-Signature before parsing or acting on the payload.