Webhook Authentication, HMAC Signing, and Delivery Controls
Meshes webhooks are no longer config-only. Every webhook connection now supports authenticated, signed delivery with full control over how the request reaches your endpoint.
Authentication
Attach credentials to every webhook request. Choose from:
- None — no auth headers
- Basic Auth — Authorization: Basic header from a username and password
- Bearer Token — Authorization: Bearer header
- Custom Header — any header name and value, such as X-API-Key
All credentials are encrypted at rest and never returned in plaintext after they are saved.
HMAC payload signing
Enable HMAC-SHA256 or HMAC-SHA512 so your endpoint can cryptographically verify that every request body came from Meshes and has not been tampered with. The signature is computed from the exact bytes sent and attached in a configurable header (default X-Meshes-Signature). Signing is independent of authentication — use both together for defense in depth.
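One way a receiving endpoint can check the signature, as an added example that is not Meshes code. It assumes the header value is the hex-encoded digest of the raw request body, which the page does not specify; the secret, body, and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: the signature header carries a hex digest of the raw body.
# The page does not state the encoding; change sign() if your connection differs.
ALGORITHMS = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}

SECRET = b"constructed-signing-secret"                      # constructed sample
BODY = b'{"event":"contact.created","id":"evt_123"}'       # constructed sample


def sign(secret: bytes, body: bytes, algorithm: str = "sha256") -> str:
    """Compute the hex HMAC over the exact bytes of the request body."""
    return hmac.new(secret, body, ALGORITHMS[algorithm]).hexdigest()


def verify(secret: bytes, body: bytes, header_value, algorithm: str = "sha256") -> bool:
    """Return True only if header_value matches the HMAC of the raw body."""
    if not header_value or algorithm not in ALGORITHMS:
        return False  # unsigned request or unsupported algorithm: reject
    expected = sign(secret, body, algorithm)
    received = header_value.strip().lower()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


def demo() -> dict:
    good = sign(SECRET, BODY)
    # Parsing and re-serializing changes whitespace, so the bytes no longer match.
    reserialized = json.dumps(json.loads(BODY)).encode()
    return {
        "valid": verify(SECRET, BODY, good),
        "tampered_body": verify(SECRET, BODY.replace(b"evt_123", b"evt_999"), good),
        "reserialized_body": verify(SECRET, reserialized, good),
        "missing_header": verify(SECRET, BODY, None),
        "algorithm_mismatch": verify(SECRET, BODY, sign(SECRET, BODY, "sha512")),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Verify against the raw bytes read from the request before any JSON parsing, since the signature covers the exact bytes sent.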
Custom headers
Add up to five static headers to every request for routing keys, tenant identifiers, or any metadata your endpoint expects.
Payload format
Choose Wrapped to send the full Meshes event envelope, or Raw to send only the payload object. In raw mode, event metadata is promoted to X-Meshes-* HTTP headers so your endpoint can still access the event ID, name, resource, and timestamps.
HTTP method
Select POST, PUT, or PATCH per connection. The default is POST.