Dashboard / Webhooks
⌘K
+ New key Webhooks
Outbound deliveries signed with HMAC. Header:
x-stayingapi-signature.Create a webhook
Pick which events should fan out to your endpoint. We sign every delivery so you can verify authenticity.
Registered webhooks
Your webhook endpoints will appear here.
| URL | Description | Events | Status | Created | |
|---|---|---|---|---|---|
Signature verification
Every delivery is signed. Compare your computed HMAC to the value in the header.
POST /your-hook HTTP/1.1
x-stayingapi-signature: t=1716040800,v1=8b8c2bdac9...
content-type: application/json
{ "event": "job.succeeded", "data": { ... } }
// Node verification
import crypto from "node:crypto";
const sig = req.headers["x-stayingapi-signature"];
const [t, v1] = sig.split(",").map((p) => p.split("=")[1]);
const signed = `${t}.${rawBody}`;
const expected = crypto.createHmac("sha256", SIGNING_SECRET).update(signed).digest("hex");
if (!crypto.timingSafeEqual(Buffer.from(v1), Buffer.from(expected))) {
return res.status(401).end();
}