Skip to content
Logo probo
Get compliant
About The people and vision powering Probo Blog The latest news from Probo Stories Hear from our customers Changelog Latest product updates Docs Documentation for Probo GitHub Explore our open-source compliance tools

Webhooks Overview

Webhooks allow you to receive HTTP notifications when events occur in your Probo organization. When a subscribed event happens, Probo sends a POST request to your configured endpoint with details about the event.

How it works

Section titled “How it works”

  1. Create a webhook subscription

    Configure an endpoint URL and select which events you want to receive, either from the Probo console under Settings > Webhooks or using the CLI.

  2. Receive events

    When a subscribed event occurs, Probo sends a signed POST request to your endpoint with a JSON payload describing the event.

  3. Verify and process

    Verify the request signature using your signing secret, then process the event data.

Endpoint requirements

Section titled “Endpoint requirements”
  • Must use HTTPS
  • Must respond with a 2xx status code (200, 201, 202, or 204)
  • Must respond within 30 seconds

Responses with any other status code or timeouts are marked as failed.

Payload format

Section titled “Payload format”

Every webhook delivery sends a JSON body with this structure:

{
  "eventId": "whevt_01ABC123",
  "subscriptionId": "whsub_01DEF456",
  "organizationId": "org_01GHI789",
  "eventType": "vendor:created",
  "createdAt": "2025-01-15T10:30:00Z",
  "data": {
    // Event-specific fields
  }
}
FieldDescription
eventIdUnique identifier for this webhook event
subscriptionIdThe subscription that triggered this delivery
organizationIdThe organization where the event occurred
eventTypeThe type of event (e.g. vendor:created)
createdAtWhen the event was created (RFC 3339)
dataEvent-specific payload (see Event Types)

HTTP headers

Section titled “HTTP headers”

Each webhook request includes the following headers:

HeaderDescription
Content-Typeapplication/json
X-Probo-Webhook-EventThe event type (e.g. vendor:created)
X-Probo-Webhook-Organization-IdThe organization ID
X-Probo-Webhook-TimestampUnix timestamp (seconds) of the request
X-Probo-Webhook-SignatureHMAC-SHA256 hex signature for verification

Signing secret

Section titled “Signing secret”

When you create a webhook subscription, Probo generates a signing secret (prefixed with whsec_). You can view this secret in the console or retrieve it via the CLI. Store it securely — you’ll need it to verify webhook signatures.

Delivery behavior

Section titled “Delivery behavior”
  • Events are processed in order, with a polling interval of approximately 5 seconds.
  • Failed deliveries are not retried. The response status code, headers, and body (up to 64 KB) are stored and visible in the console for debugging.
  • Delivery history is available in Settings > Webhooks in the Probo console.

Next steps

Section titled “Next steps”
Event Types See all available webhook events and their payloads
Signature Verification Verify that webhook requests come from Probo