Overview

Webhooks allow external services to receive real-time notifications when events occur in Obeya Cloud. When an event is triggered, Obeya Cloud sends an HTTP POST request to your configured endpoint with a JSON payload describing the event.

Setting Up Webhooks

1

Navigate to Webhooks

Go to Settings > Integrations > Webhooks or Project Settings > Webhooks for project-level hooks.
2

Add Endpoint

Click + Add Webhook and enter your endpoint URL (must be HTTPS in production).
3

Select Events

Choose which events trigger the webhook. You can select individual events or subscribe to all events.
4

Set Secret

Generate or enter a signing secret. Obeya Cloud uses this to sign payloads so you can verify authenticity.
5

Test

Click Send Test to send a test payload to your endpoint and verify it is working.

Available Events

EventTrigger
item.createdA new item is created
item.updatedAn item’s name or description changes
item.deletedAn item is permanently deleted
item.archivedAn item is archived
item.movedAn item is moved to a different group or board
value.changedA column value is set or updated
column.createdA new column is added to a board
column.deletedA column is removed from a board
comment.createdA new comment is posted
board.createdA new board is created
board.deletedA board is deleted
member.invitedA new member is invited to the organization
member.removedA member is removed from the organization
form.submittedA form receives a submission

Payload Format

All webhook payloads follow the same structure: 
{
  "id": "evt_01HXK5QJBN3YZXM8KJP2RSNV4C",
  "type": "item.created",
  "timestamp": "2026-03-19T14:30:00.000Z",
  "organization": {
    "id": "org_01HXK5...",
    "slug": "acme"
  },
  "data": {
    "item": {
      "id": "itm_01HXK5...",
      "name": "New feature request",
      "boardId": "brd_01HXK5...",
      "groupId": "grp_01HXK5...",
      "createdBy": "usr_01HXK5...",
      "createdAt": "2026-03-19T14:30:00.000Z",
      "values": {
        "status": { "label": "To Do", "color": "#6366f1" },
        "priority": { "label": "High", "color": "#ef4444" },
        "assignee": ["usr_01HXK5..."]
      }
    }
  }
}

Signature Verification

Every webhook request includes a signature header for verification: 
X-Obeya-Signature: sha256=5257a869e7ecebeda32affa62cdca3fa51cad7e77a0e56ff536d0ce8e108d8bd
Verify the signature in your endpoint: 
import crypto from "crypto";

function verifyWebhook(payload, signature, secret) {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(payload)
    .digest("hex");

  return crypto.timingSafeEqual(
    Buffer.from(`sha256=${expected}`),
    Buffer.from(signature)
  );
}

// Express middleware
app.post("/webhook", express.raw({ type: "application/json" }), (req, res) => {
  const signature = req.headers["x-obeya-signature"];
  if (!verifyWebhook(req.body, signature, process.env.WEBHOOK_SECRET)) {
    return res.status(401).send("Invalid signature");
  }

  const event = JSON.parse(req.body);
  console.log("Received event:", event.type);
  res.status(200).send("OK");
});

Retry Policy

If your endpoint returns a non-2xx status code or times out (30 second timeout), Obeya Cloud retries the delivery:
AttemptDelay
1st retry1 minute
2nd retry5 minutes
3rd retry30 minutes
4th retry2 hours
5th retry12 hours
After 5 failed retries, the webhook is marked as failed. You can manually retry from the webhook dashboard.
If a webhook endpoint consistently fails (5+ consecutive failures), it is automatically disabled. You will receive an email notification and can re-enable it after fixing the issue.

Webhook Logs

View delivery logs for each webhook in Settings > Webhooks > [Webhook Name] > Logs. Each log entry shows:
  • Event type and payload
  • Response status code and body
  • Delivery time
  • Retry attempts
Webhook logs are retained for 30 days. Export them from the dashboard if you need longer-term storage.