#Webhooks API
Subscribe to platform events via Webhooks for real-time notifications and integrations.
Base Path: /v1/webhooks
#Webhook Management
#Create Webhook
POST /v1/webhooksRequired Permission: webhooks:create
#Request Body
json{
"url": "https://your-server.com/webhook",
"events": [
"agent.created",
"agent.updated",
"agent.deleted",
"document.uploaded",
"document.processed",
"document.deleted",
"knowledge_base.created",
"knowledge_base.updated",
"knowledge_base.deleted"
],
"secret": "your-webhook-secret",
"active": true
}
| Field | Type | Required | Description |
|---|---|---|---|
url | string | Yes | Webhook receiver URL |
events | string[] | Yes | List of subscribed events |
secret | string | No | Signing secret for verifying request origin |
active | boolean | No | Whether active, default true |
#Response
HTTP 201 Created#List Webhooks
GET /v1/webhooksRequired Permission: webhooks:read
#Response
json{
"data": [
{
"id": "wh_abc123",
"url": "https://your-server.com/webhook",
"events": ["agent.created", "agent.updated"],
"active": true,
"createdAt": "2026-01-10T08:00:00Z",
"updatedAt": "2026-02-15T12:00:00Z"
}
],
"meta": {
"total": 1
}
}
#Get Webhook Details
GET /v1/webhooks/:idRequired Permission: webhooks:read
#Update Webhook
PUT /v1/webhooks/:idRequired Permission: webhooks:update
#Request Body
json{
"url": "https://new-server.com/webhook",
"events": ["agent.created"],
"active": false
}
#Delete Webhook
DELETE /v1/webhooks/:idRequired Permission: webhooks:delete
#Response
HTTP 204 No Content#Delivery Management
#Get Delivery History
GET /v1/webhooks/:id/deliveriesRequired Permission: webhooks:read
#Query Parameters
| Parameter | Type | Description |
|---|---|---|
limit | number | Number of items to return, default 50, max 100 |
#Response
json{
"data": [
{
"id": "delivery_xxx",
"webhookId": "wh_abc123",
"event": "agent.created",
"status": "success",
"statusCode": 200,
"payload": { "agent": { "id": "agent_xxx", "name": "..." } },
"response": "OK",
"duration": 250,
"attemptCount": 1,
"createdAt": "2026-02-20T08:00:00Z"
}
],
"meta": {
"total": 1
}
}
#Get Delivery Statistics
GET /v1/webhooks/:id/deliveries/statsRequired Permission: webhooks:read
#Response
json{
"total": 150,
"successful": 145,
"failed": 5,
"successRate": 96.67,
"avgDuration": 180
}
#Supported Events
#Agent Events
| Event Name | Description |
|---|---|
agent.created | Agent created |
agent.updated | Agent configuration updated |
agent.deleted | Agent deleted |
#Chat / Session Events
| Event Name | Description |
|---|---|
session.created | Chat session created |
message.created | Chat message created (includes user and assistant messages) |
#Knowledge Base Events
| Event Name | Description |
|---|---|
knowledge_base.created | Knowledge base created |
knowledge_base.updated | Knowledge base configuration updated |
knowledge_base.deleted | Knowledge base deleted |
#Document Events
| Event Name | Description |
|---|---|
document.uploaded | Document uploaded |
document.processed | Document processing completed (vectorized) |
document.deleted | Document deleted |
#Skill Events
| Event Name | Description |
|---|---|
skill.published | Skill published |
skill.installed | Skill installed to an Agent |
#Auth Events
| Event Name | Description |
|---|---|
user.created | New user registered |
login.failed | Login attempt failed |
account.locked | Account locked |
api_key.created | API Key created |
#Billing Events
| Event Name | Description |
|---|---|
subscription.created | Subscription created |
subscription.updated | Subscription updated (upgrade/downgrade) |
invoice.paid | Invoice payment completed |
budget_alert.triggered | Budget alert triggered |
budget.threshold_exceeded | Budget threshold exceeded |
#Import Job Events
| Event Name | Description |
|---|---|
import_job.completed | Import job completed |
import_job.failed | Import job failed |
import_job.partially_failed | Import job partially failed |
#Webhook Payload Format
When an event is triggered, the system sends a POST request to the registered URL:
POST https://your-server.com/webhook
Content-Type: application/json
X-Webhook-Signature: sha256=...json{
"event": "agent.created",
"timestamp": "2026-02-20T08:00:00Z",
"data": {
"agent": {
"id": "agent_xxx",
"name": "New Assistant",
"model": "zhipu/glm-4"
}
}
}
#Signature Verification
If a secret was provided when creating the Webhook, each delivery will include an X-Webhook-Signature header, signed using the HMAC-SHA256 algorithm.
Verification example (Node.js):
javascriptconst crypto = require('crypto');
function verifyWebhookSignature(payload, signature, secret) {
const expected = 'sha256=' + crypto
.createHmac('sha256', secret)
.update(payload, 'utf8')
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected),
);
}
#Retry Policy
When a Webhook delivery fails (HTTP status >= 400 or timeout), the system retries with the following strategy:
- 1st retry: 1 minute delay
- 2nd retry: 5 minute delay
- 3rd retry: 30 minute delay
After 3 failed retries, the delivery is marked as failed. Details can be viewed via the delivery history endpoint.