Skip to main content
Ordaze
Get Started

Webhooks

Get notified when versions are published or events change. Ordaze supports generic HTTP webhooks with HMAC signing and Slack incoming webhooks.

Event Types

version.publishedFired when a new version is published. Includes change summary (added, removed, modified events) and breaking change analysis.
event.createdFired when a new event is created in the registry.
event.updatedFired when an existing event is modified (name, properties, destinations, etc.).
event.deletedFired when an event is deleted from the registry.

Payload Format

version.published

{
  "event": "version.published",
  "timestamp": "2025-01-15T10:30:00.000Z",
  "workspace": {
    "id": "proj_abc123",
    "name": "My App",
    "slug": "my-app"
  },
  "version": {
    "id": "ver_xyz789",
    "name": "2.1.0",
    "description": "Added checkout events",
    "publishedBy": "[email protected]",
    "eventCount": 42
  },
  "changes": {
    "added": ["checkout_started", "checkout_completed"],
    "removed": ["legacy_purchase"],
    "modified": ["signup_completed"],
    "summary": {
      "added": 2, "removed": 1,
      "modified": 1, "unchanged": 38
    }
  },
  "breakingChanges": {
    "hasBreakingChanges": true,
    "breakingCount": 1,
    "breakingChanges": [
      {
        "eventName": "legacy_purchase",
        "type": "event_removed",
        "description": "Event \"legacy_purchase\" was removed"
      }
    ]
  }
}

Generic Webhooks

Generic webhooks send a JSON payload to your endpoint via POST. Each webhook gets a unique signing secret when created.

Request Headers

HeaderValue
Content-Typeapplication/json
X-Webhook-EventThe event type (e.g. version.published)
X-Webhook-SignatureHMAC-SHA256 signature: sha256=<hex>
User-AgentAnalyticsTool-Webhook/1.0

HMAC Verification

Verify the X-Webhook-Signature header to ensure the payload is authentic. Compute HMAC-SHA256 of the raw request body using your webhook signing secret, then compare.

// Node.js example
const crypto = require("crypto");

function verifySignature(body, signature, secret) {
  const expected = "sha256=" +
    crypto.createHmac("sha256", secret)
      .update(body)
      .digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

The signing secret starts with whsec_ and is shown only once when the webhook is created. Store it securely.

Slack Integration

Slack webhooks use Slack Incoming Webhooks. Ordaze formats the payload using Block Kit for rich messages.

  1. Create a Slack Incoming Webhook in your Slack workspace
  2. In Ordaze, create a webhook with type “Slack”
  3. Paste the Slack webhook URL
  4. Select which events to subscribe to

Slack messages include a header with version info, change summary, breaking change warnings, and a context footer with the publisher name and event count.

Delivery & Retry

SettingDetails
Timeout10 seconds per delivery attempt
LoggingEvery delivery is logged with status code, response time, and error message. View logs in Settings → Webhooks.
TestingSend a test delivery from the webhook settings page to verify your endpoint.

Previous

Code Generation

Next

Permissions