Nolixan

Webhooks

Receive provider events and forward them to your endpoints via subscriptions.

Nolixan receives inbound provider webhooks on a connection, records each event, and forwards matching events to URLs you subscribe with.

Inbound events

Providers deliver to:

POST /api/v1/webhook/{connection_id}

Each delivery is persisted as a webhook event — provider, connection, event type, body, headers, status (receivedforwardingforwarded / failed / dead_letter), and an idempotency key that prevents the same event being forwarded twice. Inbound events should be verified.

Subscriptions

A subscription says which events go to which URL:

POST /api/v1/webhook-subscriptions
API-Key: sk_...
 
{
  "provider_config_key": "github",      // optional — omit for all providers
  "connection_id": "acme",              // optional — omit for all connections
  "event_types": ["push", "pull_request.*"],   // wildcard patterns
  "forward_url": "https://your-app.example.com/hooks",
  "signing_secret": "whsec_..."         // used to sign what we forward to you
}

Manage them with the usual REST verbs:

GET    /api/v1/webhook-subscriptions
GET    /api/v1/webhook-subscriptions/{id}
PATCH  /api/v1/webhook-subscriptions/{id}
DELETE /api/v1/webhook-subscriptions/{id}
POST   /api/v1/webhook-subscriptions/{id}/test     # send a test event

Both forward_url and signing_secret are encrypted at rest (AES-256-GCM).

Inspecting events

GET /api/v1/webhook-events                  # list (filterable)
GET /api/v1/webhook-events/{event_uuid}     # one event's detail
GET /api/v1/webhook-events/stream           # SSE stream of live events

Forwarding is tracked with attempt counts and last error, and events that exhaust retries land in dead_letter for inspection.

On this page