Webhooks

Webhooks let you receive real-time HTTP callbacks when events occur in AgileTune. Use them to integrate with external services, trigger CI/CD pipelines, or build custom automations.

Setting Up Webhooks

1. Go to Organization Settings → Webhooks
2. Click Add Webhook
3. Enter a Payload URL — the endpoint that will receive POST requests
4. Choose a Content type (JSON recommended)
5. Generate or enter a Secret for signature verification
6. Select the events you want to subscribe to
7. Click Create Webhook

Available Events

Payload Example

Each webhook delivery includes a JSON payload with the event type and relevant data:

{
  "event": "task.updated",
  "timestamp": "2026-03-20T12:00:00Z",
  "data": {
    "id": "tsk_abc123",
    "title": "Implement login page",
    "status": "in_progress",
    "assignee": {
      "id": "usr_xyz789",
      "name": "Jane Doe"
    },
    "changes": {
      "status": {
        "from": "todo",
        "to": "in_progress"
      }
    }
  }
}

Retry Policy

If your endpoint returns a non-2xx status code or times out (30-second limit), AgileTune retries the delivery with exponential backoff:

• 1st retry — after 1 minute
• 2nd retry — after 5 minutes
• 3rd retry — after 30 minutes
• 4th retry — after 2 hours
• 5th retry — after 12 hours

After 5 failed attempts, the webhook is marked as failing. You can view delivery logs and manually re-trigger deliveries from the webhook settings page.

Signature Verification

Every webhook delivery includes an X-AgileTune-Signature header containing an HMAC-SHA256 signature of the payload using your webhook secret. Always verify this signature to ensure the request is authentic:

import crypto from "crypto";

function verifySignature(payload: string, signature: string, secret: string) {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(payload)
    .digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}