Docs

Reach ยท 08.11

Webhooks, Gateways & Delivery Logs

Signed trigger ingress, native SaaS connector webhooks, channel webhooks, and the gateways that supervise persistent transports.

WebhooksGateways

Every inbound webhook is signature-verified before it's trusted

Webhook routes cover several distinct sources โ€” signed workflow-trigger ingress, native SaaS connector webhooks, and per-channel webhooks โ€” but all of them share the same discipline: an inbound signature is checked with a timing-safe comparison before the payload is trusted, closing off the timing-attack surface a naive string comparison would leave open. Gateways separately supervise the long-lived, persistent transports (a WhatsApp session, a Telegram long-poll) that a one-shot webhook model doesn't fit, and outbound delivery is logged so a send that failed to actually leave the building is visible, not silently swallowed.

Continue