All docs
Developers
Outgoing webhooks
Deliver workspace events (tasks, CRM, documents, security) to your own endpoints as signed JSON.
Outgoing webhooks
Outgoing webhooks send a JSON POST to your endpoint when something happens in your workspace. Set them up at Settings, Developers, Webhooks.
Setup
- Open Settings and pick the Developers tab.
- Under Webhooks, choose Add webhook.
- Enter an HTTPS endpoint URL, an optional description, and pick the events you want. Leave all events unchecked to receive every event.
- Copy the signing secret shown after creation. It is shown only once.
Request format
Each delivery is a POST with a JSON body:
{ "event": "task.created", "timestamp": "2026-01-01T00:00:00.000Z", "data": { "id": "...", "title": "..." } }Headers:
X-Zetadeck-Event: the event name.X-Zetadeck-Signature:sha256=<hex>, an HMAC-SHA256 of the raw request body using your webhook secret.
Verifying the signature
Compute HMAC-SHA256 of the raw body with your secret and compare it to the header. For example in Node:
import { createHmac, timingSafeEqual } from "node:crypto";
const expected = "sha256=" + createHmac("sha256", secret).update(rawBody).digest("hex");
const valid = timingSafeEqual(Buffer.from(expected), Buffer.from(signatureHeader));Reject requests whose signature does not match.
Events
task.createdtask.status_changedtask.deletedclient.createdclient.stage_changeddocument.createdsiem.alert
Delivery notes
- Endpoints must respond within 5 seconds. Slow or failing deliveries are recorded in the recent deliveries list for each hook.
- Disable a hook with its toggle to pause deliveries without deleting it.
- Rotate a compromised secret by deleting the hook and creating a new one.