Back to documentation hub
reference
Webhook events summary
Payload formats and retry behavior for NexusCore webhook subscriptions.
8 min•api•
api
webhooks
Event delivery
- Webhooks are sent over HTTPS with a
POSTrequest. - Each request includes the
X-Nexuscore-Signatureheader for verification. - Retries follow exponential backoff for up to 24 hours.
Common events
ticket.created
{
"id": "evt_01hf...",
"type": "ticket.created",
"created_at": "2025-10-12T18:05:11Z",
"data": {
"ticket": {
"id": "tick_01hf...",
"subject": "Payment pending",
"brand_id": "brand_123",
"status": "open"
}
}
}
ticket.updated
Includes changed fields and the user or automation responsible.
message.created
Payload contains the message body, author, attachments, and AI draft metadata if relevant.
automation.run.completed
Reports the Mesh recipe, outcome (success, warning, failed), duration, and logs URL.
Verification
- Concatenate the timestamp and raw body:
${timestamp}.${body}. - Compute HMAC-SHA256 with your webhook secret.
- Compare against the signature in the header.
Example (Node.js):
import crypto from 'node:crypto'
export function verifySignature(body: string, signature: string, secret: string) {
const digest = crypto
.createHmac('sha256', secret)
.update(body, 'utf8')
.digest('hex')
return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(digest))
}
Retry behavior
| Attempt | Delay |
|---|---|
| 1 | Immediate |
| 2 | 30 seconds |
| 3 | 2 minutes |
| 4 | 10 minutes |
| 5 | 1 hour |
| 6 | 6 hours |
After the final attempt the event is marked as failed and visible in the dashboard. You can replay failed events manually.
Testing webhooks
- Use the Send test event button when configuring the endpoint.
- For local development, use tunneling tools (ngrok, Cloudflare Tunnel).
- Inspect delivery logs and sample payloads in Integrations → Webhooks.
Need deeper implementation help?
Share your requirements and we’ll assemble a tailored rollout or security packet.