Webhooks
Open /sites/:siteId/webhooks to register, enable, disable, and delete outbound site webhooks. The current event picker includes deployment.live, deployment.failed, order.created, and form.submitted.
Delivery history shows target, status, attempts, response status/body, last error, and retry timing. The backend retries network errors, HTTP 408, HTTP 429, and server errors. Redirect following is disabled, and delivery URLs must resolve to public hosts.
When a secret is configured, Studio signs the exact JSON body with HMAC-SHA256 and sends:
X-InBlack-Signature: sha256=<hex digest>Other headers include X-InBlack-Event, X-InBlack-Site-ID, and X-InBlack-Delivery-ID. Compare a locally computed digest in constant time before processing the body.
Related
Loading index…