Docs v1.0 Get Started

Outbound Webhooks

AlgoBridge can push real-time notifications to your own HTTP endpoints when sync events occur. Payloads are signed with HMAC-SHA256 so you can verify they came from AlgoBridge.

Setting up a webhook

  1. Go to Settings → Webhooks
  2. Click Add Endpoint
  3. Enter your endpoint URL (must be HTTPS in production)
  4. Select the events you want to receive
  5. Copy the signing secret — it is only shown once
  6. Click Save

Event types

Event Fired when
sync.broken The sync engine has stopped processing rows due to a persistent error
sync.recovered Sync resumes after a broken state
sync.failure_spike ≥ 10 FAILED rows in a single sync cycle
mapping.activated A mapping transitions to active state
mapping.deactivated A mapping is paused or deactivated
record.failed An individual trigger-log row transitions to FAILED

Payload format

All events share a common envelope:

{
  "id": "evt_01j9...",
  "event": "sync.failure_spike",
  "workspace_id": "ws_abc123",
  "occurred_at": "2026-05-01T10:00:00Z",
  "data": {
    "failed_count": 14,
    "mapping_id": "m_01j9...",
    "sf_object": "Contact"
  }
}

The data payload is event-specific — see individual event schemas in the webhook settings UI.

Verifying the signature

Every delivery includes an X-AlgoBridge-Signature header containing an HMAC-SHA256 digest of the raw request body, signed with your endpoint’s secret.

X-AlgoBridge-Signature: sha256=a3f1b2c4d5e6...

To verify:

import hmac, hashlib

def verify(payload_bytes: bytes, header: str, secret: str) -> bool:
    expected = 'sha256=' + hmac.new(
        secret.encode(), payload_bytes, hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, header)
import { createHmac, timingSafeEqual } from 'crypto';

function verify(payload: Buffer, header: string, secret: string): boolean {
  const expected = 'sha256=' + createHmac('sha256', secret).update(payload).digest('hex');
  return timingSafeEqual(Buffer.from(expected), Buffer.from(header));
}

Always verify signatures before processing the payload. Always use a constant-time comparison (hmac.compare_digest / timingSafeEqual) to prevent timing attacks.

Delivery and retries

AlgoBridge delivers each event with a 5-second timeout. A delivery is considered successful if your endpoint returns any 2xx status code within that window.

Failed deliveries (non-2xx response or timeout) are retried automatically:

Attempt Delay
1st retry 30 seconds
2nd retry 5 minutes
3rd retry 30 minutes
4th retry 2 hours
After 4th retry No further automatic retries

Delivery history

Go to Settings → Webhooks → (endpoint) → History to see every delivery attempt for that endpoint:

  • Timestamp
  • Event type
  • HTTP response code
  • Response body (first 1 KB)
  • Whether the delivery succeeded

Manual retry

You can re-send any delivery — including successful ones — from the history panel. Click Retry on any row. This immediately queues a new delivery attempt regardless of the automatic retry schedule.

Via API:

curl -X POST \
  -H "Authorization: Bearer sfbs_tok_xxxxxxxxxxxx" \
  "https://your-instance.example.com/api/v1/t/{workspaceId}/webhooks/{webhookId}/deliveries/{deliveryId}/retry"

Security recommendations

  • Use HTTPS endpoints only — HTTP is allowed in development but blocked in production
  • Rotate your signing secret periodically via Settings → Webhooks → (endpoint) → Rotate Secret
  • Set a short timeout on your endpoint handler (< 5 seconds) to avoid retries caused by slow processing
  • Respond 200 OK immediately and process the payload asynchronously if your handler is slow
← Back to AlgoBridge Get Started →