Skip to content
AM

Webhooks

Open /sites/:siteId/webhooks to register, enable, disable, and delete outbound site webhooks. The current event picker includes deployment.live, deployment.failed, order.created, and form.submitted.

Delivery history shows target, status, attempts, response status/body, last error, and retry timing. The backend retries network errors, HTTP 408, HTTP 429, and server errors. Redirect following is disabled, and delivery URLs must resolve to public hosts.

When a secret is configured, Studio signs the exact JSON body with HMAC-SHA256 and sends:

X-InBlack-Signature: sha256=<hex digest>

Other headers include X-InBlack-Event, X-InBlack-Site-ID, and X-InBlack-Delivery-ID. Compare a locally computed digest in constant time before processing the body.