Back

Manage webhooks

Developers~1 min read
On this page

Webhooks send real-time HTTP POST requests to your URL when events happen in Orbyt. Each webhook includes an HMAC-SHA256 signature for verification.

Create a webhook

POST to /api/mcp/webhooks with:

  • url: Your endpoint URL (must be HTTPS)
  • events: Array of event types to subscribe to
  • secret: A signing secret for HMAC verification

Verify signatures

Every webhook includes an X-Orbyt-Signature header. Compute HMAC-SHA256 of the request body using your secret and compare.

Manage webhooks

  • List: GET /api/mcp/webhooks
  • Delete: DELETE /api/mcp/webhooks with the webhook ID
  • Test: POST /api/mcp/webhooks/test sends a synthetic webhook.test event

Limits

  • Maximum 10 webhooks per user
  • Webhooks time out after 10 seconds
  • Private/internal URLs are blocked (SSRF protection)
Was this helpful?

Still need help? Email us at support@orbytjobs.ai

Related articles

Orbyt API overviewRead articleGenerate and manage API keysRead articleConnect Orbyt to Claude DesktopRead article