06-Jan-2026 | 7.7.6 | Added HMAC-SHA256 Signing support for External URL field.
Contributors:
Getting Started With Webhooks
Webhooks allow your WebinOne website to send automated notifications/messages to other servers or 3rd party applications in real-time, based on an individual event, so that the system can execute its functions based on the data of the event received.
Creating Webhooks
After configuring your API credentials under ‘Settings’ > ‘API Application’, you can configure your Webhook on the “Webhooks” tab.
For more details on setting up these credentials, see the API Applications article.
You can configure a new Webhook using the "CREATE NEW" button with the following settings:
The available actions for the selected Item Type (OnCreate, OnUpdate, OnDelete, OnTrigger) and where applicable, further options to select the modules/collections to construct the webhook data - allowing you to enable just the modules you need to work with Webhooks.
For details on the additional options for each Item Type, see below Supported Modules and Actions.
The URL of your external application that will recieve the Webhook.
HMAC-SHA256 Signing
Support for optional HMAC-SHA256 signing of outgoing webhooks is available to ensure authenticity and data integrity.
To enable signing, append the ?sk=<ClientSecret> parameter (or a custom secret) to the External URL field, for example:<URL>/api/webhook?sk=<ClientSecret>
When enabled, each webhook request includes timestamp, event name, and signature headers generated with the provided secret, allowing the receiver to verify that the payload is authentic and unmodified.
Supported Modules and Actions
The below table shows which actions and modules are available with each entity/item type.
ModuleItem
FormModuleCustomWorkflowFormModuleModuleModuleModuleModuleModuleModuleModuleModuleModuleModuleModuleModuleModuleFormSystemEvent