Receives a JSON payload for a tenant inbound webhook. Authentication, idempotency, rate limit, and handler behavior are controlled by the webhook configuration.
RBAC · inbound_webhook
Path parameters
tenantSlugstringRequired
URL-safe tenant slug used for inbound webhook routing.
webhookSlugstringRequired
URL-safe inbound webhook slug unique within the tenant.
Header parameters
content-typestringOptional
Expected to be application/json for JSON payloads.
x-signaturestringOptional
Example HMAC-SHA256 signature header. Actual header name is webhook-configurable.
x-idempotency-keystringOptional
Optional idempotency key header when the webhook uses a header idempotency source.
Request body
Content type: application/json
any
Response body
Success response 200
delivery_idstring <uuid>Required
Response codes
200
Request accepted or treated as duplicate no-op.
400
Invalid request payload or handler validation failure.
401
Authentication failed or receiver is unknown/inactive. Response body is intentionally empty to avoid leaking which webhooks exist.