Preview integration

Webhooks

Webhooks turn review, runtime, billing-preview, and payout-preview activity into auditable external events.

Open workspaceSecurity model

Supported events

skill.review.submitted, skill.review.approved, skill.review.rejected, skill.invocation.started, skill.invocation.succeeded, skill.invocation.failed, project_key.created, project_key.revoked, billing.order.created, billing.payment.succeeded, billing.payment.failed, publisher.payout.created, and publisher.payout.failed.

Signing secrets

Each endpoint should have a signing secret. Verify signatures before processing and rotate secrets when ownership changes.

Retry policy

Treat delivery as at-least-once. Return 2xx only after durable processing. Use event IDs for idempotency.

Failure handling

Failed deliveries should surface in workspace logs with retry count, next attempt, and redacted payload summary.

Example payload

Payloads include event id, type, created timestamp, workspace/project identifiers, redacted data, and a links object for follow-up.

Security best practices

Reject unsigned requests, enforce timestamp tolerance, avoid raw secret logs, and test with local tunnel tooling before production.

SkillHub Webhooks - Events, Signing Secrets, Retries, and Failure Handling | SkillHub