Workjet
Back to Workjet

Webhooks

Webhooks allow external services to trigger Workjet assistants and automations via HTTP POST requests. When a webhook URL receives a request, the associated assistant or engine is activated with the request body as context.

How Webhooks Work

  1. Create an assistant with the webhook trigger type
  2. Workjet generates a unique webhook URL for the assistant
  3. Configure the external service to send HTTP POST requests to this URL
  4. When a request arrives, the assistant is activated with the request payload

Webhook URL Format

https://api.workjet.dev/v1/webhooks/{webhook_id}

Each webhook has a unique ID that serves as both the endpoint and the authentication mechanism. Keep webhook URLs secret — anyone with the URL can trigger the assistant.

Request Format

Webhooks accept any JSON payload via HTTP POST: 

POST https://api.workjet.dev/v1/webhooks/wh_abc123
Content-Type: application/json

{
  "event": "ticket.created",
  "data": {
    "id": "TICKET-456",
    "title": "Login button not working",
    "description": "Users report the login button is unresponsive on mobile.",
    "priority": "high"
  }
}

Response

The webhook endpoint returns immediately with an acknowledgment. Processing happens asynchronously: 

{
  "received": true,
  "webhookId": "wh_abc123",
  "executionId": "exec_xyz789",
  "status": "queued"
}

Webhook Verification

Workjet includes a signature header for webhook responses (when used as an output channel): 

X-Workjet-Signature: sha256=abc123...

Verify the signature by computing HMAC-SHA256 of the response body with your webhook secret and comparing it to the header value.

Use Cases

  • CI/CD integration: Trigger an assistant when a deployment completes
  • Form processing: Process form submissions through an AI workflow
  • Alert handling: Triage monitoring alerts automatically
  • Third-party events: React to events from Stripe, GitHub, Linear, etc.

Security: Webhook URLs are secret and act as authentication tokens. Do not share them publicly or commit them to source control. If a webhook URL is compromised, regenerate it from the assistant's settings.

Next Steps