Overview
Webhooks let NexaTech push events to your application in real time. We'll POST a JSON payload to your endpoint whenever a subscribed event occurs.
Register a webhook
POST /api/v1/webhooks
{
"url": "https://yourapp.com/webhooks/nexatech",
"events": ["deploy.completed", "deploy.failed", "incident.created"],
"secret": "your-signing-secret"
}Verify signatures
Every webhook request includes an X-NexaTech-Signature header. Verify it to reject spoofed requests.
const crypto = require('crypto');
function verifyWebhook(body, signature, secret) {
const hmac = crypto.createHmac('sha256', secret);
const digest = hmac.update(body).digest('hex');
return crypto.timingSafeEqual(
Buffer.from(digest),
Buffer.from(signature.replace('sha256=', ''))
);
}Retry policy
Failed webhooks (non-2xx response or timeout) are retried up to 5 times with exponential backoff over 24 hours. After 5 failures the webhook is automatically disabled.