Webhooks
Receive HTTP notifications when events occur in your infrastructure.
Webhooks allow your AI agent (or any service) to receive real-time notifications when things happen — deployments complete, errors are detected, uptime checks fail. Instead of polling, While pushes events to your URL as they occur. This is how you close the autonomous loop: While senses, your agent fixes.
Creating a Webhook
Via MCP
while.webhooks.create({
url: "https://your-agent.com/webhook",
events: ["deployment.failed", "error.detected", "uptime.down"],
secret: "optional-signing-secret" // auto-generated if omitted
})Via REST API
POST /api/webhooks
Authorization: Bearer whl_your_key
Content-Type: application/json
{
"url": "https://your-agent.com/webhook",
"events": ["deployment.failed", "error.detected"],
"secret": "optional-signing-secret"
}A signing secret (whsec_...) is returned on creation. Store it securely — it cannot be retrieved again.
Event Types
13 event typesDeployments
deployment.triggeredA new deployment has been queued
deployment.buildingContainer image is being built
deployment.runningDeployment is live and serving traffic
deployment.failedDeployment failed during build or rollout
deployment.cancelledDeployment was cancelled
Errors
error.detectedA new error was ingested from the application
error.resolvedAn error was marked as resolved
Projects
project.createdA new project was created
project.deletedA project was deleted
Uptime
uptime.downAn uptime check detected a failure
uptime.recoveredA previously failing check is healthy again
Webhooks
webhook.deliveredA webhook payload was successfully delivered
webhook.failedA webhook delivery failed
Payload Format
While sends a POST request to your webhook URL with a JSON payload. Every payload includes the event type, tenant context, and event-specific data.
POST https://your-agent.com/webhook
Content-Type: application/json
X-While-Signature: sha256=a1b2c3...
{
"type": "deployment.failed",
"tenantId": "tenant_abc",
"projectId": "proj_xyz",
"environmentId": "env_stg",
"payload": {
"deploymentId": "dep_123",
"status": "failed",
"error": "Build failed: npm install exited with code 1",
"commitSha": "abc123"
},
"timestamp": "2026-03-06T14:30:00.000Z"
}Signature Verification
Every webhook request includes an X-While-Signature header containing an HMAC-SHA256 signature of the request body. Verify this to ensure the request came from While.
import crypto from "crypto";
function verifyWebhook(body: string, signature: string, secret: string): boolean {
const expected = crypto
.createHmac("sha256", secret)
.update(body)
.digest("hex");
return signature === `sha256=${expected}`;
}
// Usage in your webhook handler:
app.post("/webhook", (req, res) => {
const sig = req.headers["x-while-signature"];
if (!verifyWebhook(JSON.stringify(req.body), sig, "whsec_your_secret")) {
return res.status(401).send("Invalid signature");
}
// Process the event...
});Testing Webhooks
Use the test tool to send a sample payload to your webhook URL and verify it works.
// Via MCP
while.webhooks.test({ id: "webhook_abc" })
// Via REST API
POST /api/webhooks/:id/test
Authorization: Bearer whl_your_keyThe test sends a sample webhook.test event to the URL. Check the response status to confirm your endpoint is receiving and processing events correctly.
Managing Webhooks
while.webhooks.listList all webhook subscriptions
while.webhooks.getGet details for a specific webhook
while.webhooks.deleteRemove a webhook subscription