API Reference

Webhooks API

Webhook endpoint management.

Overview

Register HTTPS endpoints to receive signed event payloads when runs complete, failures escalate, governance events occur, or agents change state.

Manage webhook endpoints programmatically for infrastructure-as-code deployments alongside Terraform or internal platform APIs.

Who should read this

  • Platform engineers automating event-driven workflows and notification routing.

Prerequisites

  • API key with webhooks:manage permission
  • Public HTTPS endpoint with valid TLS certificate

When to use this workflow

  • Onboarding new team members to Zof terminology and workflows
  • Authoring internal runbooks aligned with Console labels
  • Designing CI/CD or webhook integrations against documented behavior

Step-by-step procedure

Create endpoint

POST /v1/webhooks with url and events array.

Persist returned signing secret in vault immediately.

Implement handler

Verify HMAC signature on raw body.

Return 200 quickly; process async via queue.

Test delivery

POST /v1/webhooks/{id}/test or use Console test button.

Confirm event appears in application logs.

Key concepts

Organization scope
All Zof Console and API operations are isolated to your authenticated tenant.
Governed execution
Agent output and remediation follow policy packs with human approval when configured.

Best practices

  • Verify HMAC signature on every delivery
  • Respond 2xx within timeout; process async
  • Use idempotency keys to dedupe retries

API operations

GET
/webhooks
List endpoints
POST
/webhooks
Create with url, events[], secret
POST
/webhooks/{id}/test
Send test payload

Was this page helpful?

Webhooks API | Zof AI Documentation