AUTOMATE WITH WEBHOOKS.
Receive real-time notifications for deployment events. Build custom automation workflows with HTTP callbacks.
CREATING WEBHOOKS
Create webhooks from the Admin > Webhooks page in the Control Center. Each webhook receives POST requests with JSON payloads for configured events.
1. Navigate to Webhooks
Go to Admin > Webhooks in your Control Center dashboard.
2. Add Endpoint
Enter your webhook URL, select events, and save.
3. Copy Secret
Save the signing secret for payload verification.
WEBHOOK EVENTS
Subscribe to specific events or receive all deployment events.
| Event | Description |
|---|---|
| deployment.created | A new deployment was initiated |
| deployment.succeeded | Deployment completed successfully |
| deployment.failed | Deployment failed with an error |
| deployment.canceled | Deployment was canceled |
| domain.added | A domain was added to the project |
PAYLOAD FORMAT
Webhook payloads are JSON objects containing event details and deployment information.
{
"type": "deployment.succeeded",
"createdAt": "2024-01-15T10:30:00Z",
"deployment": {
"id": "dpl_abc123",
"name": "production",
"url": "https://my-project.boottify.com",
"meta": {
"gitCommitSha": "abc123def",
"gitCommitMessage": "Update homepage",
"gitBranch": "main"
}
},
"project": {
"id": "prj_xyz789",
"name": "my-project"
}
}VERIFYING WEBHOOKS
Verify webhook signatures to ensure requests come from Boottify. Each webhook includes a signature in the headers.
import crypto from 'crypto';
function verifyWebhook(payload, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(`sha256=${expected}`)
);
}
// In your webhook handler
app.post('/webhook', (req, res) => {
const signature = req.headers['x-boottify-signature'];
const isValid = verifyWebhook(
JSON.stringify(req.body),
signature,
process.env.WEBHOOK_SECRET
);
if (!isValid) {
return res.status(401).send('Invalid signature');
}
// Process webhook...
});SECURITY: Always verify webhook signatures in production to prevent unauthorized requests.