Dashboard / Webhooks
+ New key

Create a webhook

Pick which events should fan out to your endpoint. We sign every delivery so you can verify authenticity.

Must accept POST requests. We retry with exponential backoff on non-2xx responses.
Toggle each event. You must subscribe to at least one.

Registered webhooks

Your webhook endpoints will appear here.
URLDescriptionEventsStatusCreated

Signature verification

Every delivery is signed. Compare your computed HMAC to the value in the header.

POST /your-hook HTTP/1.1
x-stayingapi-signature: t=1716040800,v1=8b8c2bdac9...
content-type: application/json

{ "event": "job.succeeded", "data": { ... } }

// Node verification
import crypto from "node:crypto";
const sig = req.headers["x-stayingapi-signature"];
const [t, v1] = sig.split(",").map((p) => p.split("=")[1]);
const signed = `${t}.${rawBody}`;
const expected = crypto.createHmac("sha256", SIGNING_SECRET).update(signed).digest("hex");
if (!crypto.timingSafeEqual(Buffer.from(v1), Buffer.from(expected))) {
  return res.status(401).end();
}