To set up a webhook, you need to configure your payload url, the webhook event type, and (optionally), a secret token.

Webhooks are configured in Ashby under the Admin panel, by going to Admin > Ashby API > Webhooks. Create a new webhook by clicking the "New" button or edit/delete an existing webhook by clicking on it in the list.

Payload url

This is the url that webhook requests will be sent to. You can configure different urls for different webhooks, or create multiple webhooks for the same event to "fan out" requests to different urls.

Webhook event type

This is the type of event that you want to receive webhooks for. You can choose the event type from a dropdown when configuring a new webhook.

Secret Token

You can provide a secret token that will be used by Ashby to cryptographically sign all webhook requests. The signature will be sent with the request in an Ashby-Signature http header. By computing a digest of the payload using your secret token, you can compare it to the signature sent with the request to be sure that it was generated by Ashby using the token you provided.

Although you don't have to provide this token, it's strongly encouraged that you do so in order to protect yourself against malicious parties sending bogus webhooks to your server.

Ping webhooks

When you create or edit a webhook, a "ping" webhook with some basic data about the webhook configuration will be sent to your endpoint. If your server does not respond to the request, or responds with an error code (any code >400), the webhook will still be created but in a disabled state, where requests will not be sent. After fixing your server endpoint, you can go back to the webhook and check the "enabled" box and click the "Update" button to create a new ping request. If this is successful, your webhook will be enabled.