Subscribe any URL to any OpsIQ event. HMAC-SHA256 signed, replay-protected, idempotency-keyed, retry-aware. Compose triggers and actions into automation rules without writing a line of code, or roll your own from the API.
Universal events. Signed delivery. A visual rule builder for the non-developers on your team.
invoice.paid, ticket.created, customer.signed_up, license.expired, chat.human_requested โ and any custom event you fire from your own platform. POST to any URL, signed with HMAC-SHA256.
Define what AI can run on your system. Signed, scoped, role-checked.
Drag-drop conditions and outputs. No code. Conditions on customer tier, priority, keyword.
Exponential backoff up to 24 hours. Failed deliveries alerted.
Inspect, replay, debug. Retention 30 days.
Preview the exact JSON the endpoint will receive. Test signatures verify.
Every webhook carries an X-OpsIQ-Timestamp and a unique nonce. Endpoints verify the timestamp is within 5 minutes of "now" and reject duplicate nonces. The signature covers the raw body, the timestamp, and the path so substitution attacks fail.
Every write API call carries an Idempotency-Key. If we retry on a transient failure, your endpoint sees the same key and returns the same result without doing the work twice. Critical for payment, billing and provisioning workflows.
Compute HMAC-SHA256 over the raw request body using your shared secret, prefix with sha256=, compare with X-OpsIQ-Signature using a constant-time compare. Sample code on the developers page.
We retry with exponential backoff for up to 24 hours. After that you can replay manually from the delivery log.
Yes. Each endpoint has its own secret you can rotate without downtime โ both old and new signatures are accepted during a 24-hour overlap window.
Yes โ the visual rule builder ("when X happens, do Y") covers most workflows. Code-only paths are available for complex cases.
First webhook delivered in under 10 minutes from sign-up.