- Connection webhooks notify you when an end user connects or fails to connect an account. You define these webhooks when creating a Connect token.
- Trigger webhooks deliver events emitted by deployed triggers. You define these per trigger, or set a default at the project level.
Connection webhooks
When you create a Connect token, you can pass awebhook_uri. Pipedream sends a POST request to this URL when the end user successfully connects an account, or if an error occurs during the flow.
Events
CONNECTION_SUCCESS— the user successfully connected their accountCONNECTION_ERROR— an error occurred during the connection flow
Payload
Successful connection
User credentials are not included in the webhook payload. Use the Retrieve Account endpoint with theaccount.id from the payload to fetch credentials.
Error
Trigger webhooks
When you deploy a trigger with awebhook_url, Pipedream delivers that trigger’s emitted events to your URL via a POST request.
Setting a webhook URL
You can define a webhook destination on an individual trigger, or a project. If both are set, the trigger-level URL takes precedence.Project-level
Set a default webhook URL for all triggers in a project. You can configure separate URLs for each environment.- UI
- API
In your project settings, add webhook URLs under the Webhooks section for each environment.When you save a new webhook URL, we’ll display the signing key for you to copy and use to validate signatures. Note that we will never show the signing key again, so make sure to note it down.You can also regenerate the signing key and delete or update the webhook URL at any time.
Trigger-level
Passwebhook_url when you deploy a trigger, or update it later with the Update Trigger Webhooks endpoint. Pipedream returns a signing key in the response.
Webhook signatures
Pipedream signs every trigger webhook delivery using HMAC-SHA256. Each request includes anx-pd-signature header:
t— UNIX timestamp (seconds) when the signature was generatedv1— HMAC-SHA256 hex digest of the signed payload
., and the raw request body:
Validating signatures
Compute the expected signature with your signing key and compare it to thex-pd-signature header value.