Custom webhooks are triggered by steadybit whenever, for example, an experiment has started or failed. You can configure them at Settings / Application Settings / Integrations / Custom webhook. The content type is application/json and the message is described in our OpenAPI specification as WebhookPayload.
The name for this integration will not show up in the JSON body.
The URL that will receive an HTTP POST request with the JSON body.
You may specify a secret, which will be used to sign the body (optional). See Verifying the Signature.
If no team is specified, you'll receive all events. If you do specify a team, you'll only receive events relevant for this team.
You may select the events you want to receive.

Verifying the Signature

If a secret is provided, a signature of the body is computed using HMAC SHA-256 and sent as the X-SB-Signature HTTP header. You can use this header to verify the message.
Here is an example of doing this in Java:
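import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Hex: any hex decoder with a decode(String) method, for example
// org.bouncycastle.util.encoders.Hex (assumption, the library is not named here)

private static boolean validateSignature(byte[] body, String secret, String header) throws Exception {
    // calculate the signature over the raw request body using the secret
    Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
    byte[] signature = mac.doFinal(body);
    // remove the algorithm prefix and decode the hex to byte[]
    byte[] receivedSignature = Hex.decode(header.replaceFirst("^hmac-sha256 ", ""));
    // compare in constant time so the check does not leak how many bytes matched
    return MessageDigest.isEqual(signature, receivedSignature);
}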
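The same check on the receiving side, written to fail closed on a missing or malformed header and to verify the raw request bytes before any JSON parsing. This is an added example, not steadybit's own code: the function names, the secret and the payload are constructed, and the `hmac-sha256 <hex>` header format is assumed from the prefix handling in the Java sample.

```python
import hashlib
import hmac
import json

PREFIX = "hmac-sha256 "  # algorithm prefix, as stripped in the Java sample


def sign(body: bytes, secret: str) -> str:
    """Build the header value a sender would attach (used here to make test input)."""
    digest = hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()
    return PREFIX + digest


def verify_signature(raw_body: bytes, secret: str, header) -> bool:
    """Return True only if header carries a valid HMAC SHA-256 of raw_body.

    Fails closed: a missing header, an unexpected prefix or non-hex data
    yields False instead of raising.
    """
    if not header or not header.startswith(PREFIX):
        return False
    try:
        received = bytes.fromhex(header[len(PREFIX):])
    except ValueError:
        return False
    expected = hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha256).digest()
    # constant-time comparison, the counterpart of MessageDigest.isEqual
    return hmac.compare_digest(expected, received)


def handle_webhook(raw_body: bytes, headers: dict, secret: str):
    """Verify first, parse second; returns (status, parsed_json_or_None)."""
    # Header lookup is exact-case here; real frameworks normalise header names.
    if not verify_signature(raw_body, secret, headers.get("X-SB-Signature")):
        return 401, None
    return 200, json.loads(raw_body)


if __name__ == "__main__":
    secret = "constructed-example-secret"
    # Constructed payload, not the real WebhookPayload schema.
    body = b'{"event":"experiment.started","team":"ADM"}'
    good = {"X-SB-Signature": sign(body, secret)}
    print(handle_webhook(body, good, secret))         # accepted
    print(handle_webhook(body + b" ", good, secret))  # body changed: rejected
    print(handle_webhook(body, {}, secret))           # header missing: rejected
```

Pass the bytes exactly as they arrived on the wire: re-serialising parsed JSON can change whitespace or key order and the signature will no longer match.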