Skip to content
AM

Studio site webhooks (outbound)

The implemented Studio outbound delivery publishes a form submission to active site webhook targets registered for form.submitted.

Payload

{
"event": "form.submitted",
"siteId": "<site UUID>",
"formId": "<form UUID>",
"submissionId": "<submission UUID>",
"createdAt": "2026-07-10T12:00:00Z",
"contactId": "<optional contact UUID>",
"data": {
"email": "alex@example.com"
}
}

The payload does not use the AuditCore envelope and does not include an attempt number. Use X-InBlack-Delivery-ID to correlate transport attempts for one delivery.

Register a target

In Studio, open a site’s Webhooks page and provide:

  • Event: choose form.submitted for an implemented delivery.
  • URL: a resolvable public HTTP(S) endpoint.
  • Optional signing secret.
  • Active or inactive state.

The page can create/update, enable/disable, delete, refresh, and show delivery status. It does not have a test-send or manual-redelivery control.

The MCP catalog exposes inblack_configure_studio_form_webhook for a form-level webhook configuration. It does not expose generic site-webhook create/list/delete tools.

Delivery behavior

Studio makes at most three attempts. It retries transport errors, 408, 429, and 5xx; it does not retry other 4xx. Backoff is 1 second after the first failure and 2 seconds after the second. Each request has a 10-second timeout and redirects are rejected.

Return a 2xx quickly, then process asynchronously. Make handling idempotent using the delivery or submission identifier because a retry repeats the same payload.

If a signing secret is configured, verify X-InBlack-Signature before parsing or acting on the payload.