Configure
Use the REST API:PUT /user/webhook(see also: User Settings API)
webhook_urlmust be publicly reachable. Private/internal URLs are rejected (SSRF protection).- If you set
webhook_secret, Vexa will includeAuthorization: Bearer <secret>on webhook requests. - For local development, use a tunnel (ngrok/cloudflared): Local webhook development
Delivery
- Webhooks are best-effort. Your endpoint should respond quickly (2xx) and do any heavy work asynchronously.
- Your endpoint should be idempotent (you may receive retries or repeated events).