All docs
Developers

Outgoing webhooks

Deliver workspace events (tasks, CRM, documents, security) to your own endpoints as signed JSON.

Outgoing webhooks

Outgoing webhooks send a JSON POST to your endpoint when something happens in your workspace. Set them up at Settings, Developers, Webhooks.

Setup

  1. Open Settings and pick the Developers tab.
  2. Under Webhooks, choose Add webhook.
  3. Enter an HTTPS endpoint URL, an optional description, and pick the events you want. Leave all events unchecked to receive every event.
  4. Copy the signing secret shown after creation. It is shown only once.

Request format

Each delivery is a POST with a JSON body:

{ "event": "task.created", "timestamp": "2026-01-01T00:00:00.000Z", "data": { "id": "...", "title": "..." } }

Headers:

  • X-Zetadeck-Event: the event name.
  • X-Zetadeck-Signature: sha256=<hex>, an HMAC-SHA256 of the raw request body using your webhook secret.

Verifying the signature

Compute HMAC-SHA256 of the raw body with your secret and compare it to the header. For example in Node:

import { createHmac, timingSafeEqual } from "node:crypto";
const expected = "sha256=" + createHmac("sha256", secret).update(rawBody).digest("hex");
const valid = timingSafeEqual(Buffer.from(expected), Buffer.from(signatureHeader));

Reject requests whose signature does not match.

Events

  • task.created
  • task.status_changed
  • task.deleted
  • client.created
  • client.stage_changed
  • document.created
  • siem.alert

Delivery notes

  • Endpoints must respond within 5 seconds. Slow or failing deliveries are recorded in the recent deliveries list for each hook.
  • Disable a hook with its toggle to pause deliveries without deleting it.
  • Rotate a compromised secret by deleting the hook and creating a new one.

Ready to try it?

Free forever for up to 3 people. No credit card required.