Webhooks
Webhooks deliver real-time notifications to your HTTP endpoints when events occur in Kaplaix. Each webhook is HMAC-SHA256 signed for integrity verification.
Notification channels
A notification channel defines a webhook destination. Each channel has:
- A URL (must be publicly reachable — private IPs are rejected)
- A secret for HMAC signature verification (shown once at creation)
- Event filters to control which events trigger notifications
/v1/notification-channelsCreate a notification channel. Returns the plaintext secret once — store it securely.
Request body:
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Channel display name |
url | string | Yes | Webhook endpoint URL (must be public) |
events | string[] | No | Event types to subscribe to |
The secret is only returned at creation. If lost, rotate it using the rotate-secret endpoint.
SSRF protection: URLs pointing to private IP ranges (RFC 1918, loopback, link-local, CGNAT, IPv6 ULA, AWS/GCP/Azure metadata endpoints) are rejected.
/v1/notification-channelsList all notification channels.
/v1/notification-channels/:idGet channel details.
/v1/notification-channels/:idUpdate channel name, URL, events, or status.
/v1/notification-channels/:idDelete a notification channel.
/v1/notification-channels/:id/rotate-secretRotate the HMAC secret. Returns the new plaintext secret once.
/v1/notification-channels/:id/testSend a synthetic test notification to verify your endpoint.
Verifying webhook signatures
See the Webhook Signature Verification guide for implementation details.