WorkflowEmbedded webhook setup

Configure a Customer-Provided Webhook With HMAC Signing

Customers with their own backend get a webhook integration they fully control. They register the URL and an HMAC secret inside the embed; your product emits one event; Meshes signs every delivery with the customer's secret so their receiver can verify it came from you.

Event signal:order.completed| Destination:Webhook| Use case:Per-Tenant Webhooks With HMAC Signing| Typical setup:~25 minutes

Workflow outcome

The product event is small. The downstream effect is not.

The workflow starts with one order.completed event from your product and ends with a signed HTTPS POST to the URL the customer registered inside their workspace.

Each request carries an HMAC signature built from the customer's own secret. The customer's receiver recomputes the signature against the request body and accepts only matching requests.

Why teams care

This is the kind of workflow buyers judge fast

Webhooks are the lowest-friction way to let customers with their own backends receive your product events. HMAC signing is what makes them trustworthy — the customer's receiver needs to verify every request is really from you.

Letting the customer provide their own URL and secret keeps your product out of per-tenant crypto. You never store, rotate, or distribute secrets — the embed and Meshes handle that surface per workspace.

The same pattern is how you set up signed webhooks for internal receivers too: a dev workspace can register a sandbox URL with its own secret while production points at the real endpoint.

This is the most portable customer-facing integration shape. If a customer is not on Slack or a supported CRM, a signed webhook is the universal escape hatch that works with whatever they run.

What it depends on

The supporting pieces behind a credible rollout

These pages stay focused on the workflow outcome, but the setup still needs the right workspace, destination connection, and event path underneath.

Meshes workspace per tenant

One workspace per customer so each tenant has its own webhook URL, secret, and delivery log.

Embedded workspace UI

Mount the embedded Meshes pages so customers can manage their webhook URL and HMAC secret without leaving your product.

Webhooks integration

Review the webhook connection options — authentication, custom headers, payload signing, and HTTP methods — so you know what the customer can configure.

A customer receiver ready to verify signatures

Your customer needs an HTTPS endpoint and a stored secret for verifying the signature header before trusting the request body.

The source event

The payload that creates the downstream business outcome

For a signed webhook, the payload is whatever your product emits. What matters is that the serialized request body is what the customer verifies against. Meshes signs the exact bytes it sends, so the customer recomputes the HMAC over the same body and compares.

Event payload

order.completed

{
  "order_id": "ord_lannister_77",
  "customer_id": "cus_lannister",
  "account_id": "acc_casterly",
  "total_cents": 12900,
  "currency": "usd",
  "items": 3,
  "completed_at": "2026-04-17T18:22:00Z"
}

What matters most

order_id
Stable reference the customer correlates against their own systems after verifying the signature.
customer_id + account_id
Customer-facing identifiers that stay meaningful inside the receiver's records.
total_cents + currency
Financial fields where signature verification matters most — the customer cannot afford a spoofed amount.
completed_at
Lets the customer reject requests whose timestamp is too far from the current time as a replay defense.

Field mapping view

What the destination needs from the event

Event field	Destination target	Why it matters
order_id	Request body	Serialize the full payload as JSON so the customer can recompute the HMAC against the exact bytes.
customer_id + account_id	Request body	Keep the receiver's correlation fields inside the signed body so they are protected too.
total_cents + currency	Request body	Never move financial fields outside the signed body.
completed_at	Request body	Combined with the signature timestamp header, gives the receiver two layers of replay protection.

The destination connection

The destination matters, but the connection quality matters just as much

The customer registers the webhook URL and HMAC secret from inside the embedded Meshes workspace UI. Your product never sees the secret — the customer enters it directly in the embed. Meshes signs every request with that secret for that workspace.

Mount the embedded Meshes UI and mint a workspace-scoped session for the signed-in customer.
Guide the customer to the Connections page and have them add a Webhook connection with the URL their receiver listens on.
The customer selects a signing algorithm and provides the HMAC secret. Meshes stores it scoped to that workspace and never returns it in plaintext after saving.
The customer can rotate the secret at any time from the embed — the next delivery uses the new secret automatically.

Webhooks Integration Meshes quickstart

Where Meshes matters

The product stays simple while the destination still gets the right shape

Most teams do not need another destination. They need the destination to stay in sync without embedding its delivery quirks, retries, and mapping logic into the product code path.

Event

order.completed

Destination

Webhook

Use case

Per-Tenant Webhooks With HMAC Signing

Docs

Webhooks Integration

In the workspace, bind order.completed to the Webhook Send action and leave the payload intact. The goal is to deliver exactly what the customer signs against, so keep transformations minimal unless the rule needs them.

Keep the request body byte-stable. Any server-side field reshaping breaks the signature the customer computes.
Let the customer pick the HMAC algorithm (HMAC-SHA256 or HMAC-SHA512) when they create the connection.
Use the signature timestamp header the integration provides so the customer can reject stale replays against their configured tolerance window.
If the customer wants a secondary receiver — for an audit log or staging replica — they add a second webhook connection with its own URL and secret.

A sample event

The product-side code stays close to the business event

This is the part teams like: the source event stays readable and product-shaped while Meshes owns the destination-facing complexity.

TypeScript example

One emit call stays close to the business event

import MeshesEventsClient from '@mesheshq/events';

const events = new MeshesEventsClient(tenant.meshesPublishableKey);

await events.emit({
  event: 'order.completed',
  resource: 'order',
  resource_id: 'ord_lannister_77',
  payload: {
    order_id: 'ord_lannister_77',
    customer_id: 'cus_lannister',
    account_id: 'acc_casterly',
    total_cents: 12900,
    currency: 'usd',
    items: 3,
    completed_at: '2026-04-17T18:22:00Z',
  },
});

Destination outcome

Ask the customer to use Send Test Event inside the embedded workspace UI to fire a sample order.completed against their URL. Their receiver should accept the request after signature verification.

Send Events SDK docs

Operational visibility

Delivery history is where this stops feeling like glue code

The difference between a nice demo and a usable product workflow is whether you can see what happened when the destination is slow, misconfigured, or unavailable.

In Meshes

What a healthy workflow looks like

Confirm the event shows up in the workspace event history in the embedded Meshes UI.
Check the Webhook delivery attempt shows a 2xx response and a signed request body in the details view.
On the customer's receiver, verify the signature matches when recomputed against the raw request body and the configured secret.
If the attempt fails, the customer sees the response details in the embed and can rotate the secret, update the URL, or replay the delivery themselves.

Why teams buy Meshes

The workflow stays sellable after launch

Retries are re-signed on each attempt so the receiver never sees a stale signature after a backoff pause.
Per-workspace delivery history lets the customer audit exactly what was delivered and what was not — without your team ever seeing another tenant's data.
Dead-lettered webhooks remain in the workspace for replay. The signing key stays scoped to the tenant so replays stay verifiable.

What's next

Keep exploring the same workflow from different angles

Use Case

Per-Tenant Webhooks With HMAC Signing

See the broader embedded-iPaaS pattern this guide implements across multiple customers.

Open link

Docs

Webhooks Integration

Read the webhook connection reference — authentication modes, custom headers, signing, and HTTP methods.

Open link

Docs

Embedded Workspaces

Understand how the embedded Meshes UI mounts inside your product.

Open link

Docs

Embed Security

See how workspace-scoped sessions keep customer secrets from ever reaching your backend.

Open link

Docs

Session API

Mint workspace-scoped sessions from your backend so each customer only manages their own webhook and secret.

Open link

Guide

Let Customers Connect Their Own Slack from the Embed

See the same embedded pattern applied to a Slack connection instead of a webhook.

Open link

Next stepStart free or keep reading the docs

Ship trustworthy customer webhooks without owning crypto

Let customers register their webhook URL and HMAC secret from the embed. Your product emits one event; Meshes signs every delivery with the tenant's own secret.

Start free View documentation

WorkflowEmbedded webhook setup

Configure a Customer-Provided Webhook With HMAC Signing

Customers with their own backend get a webhook integration they fully control. They register the URL and an HMAC secret inside the embed; your product emits one event; Meshes signs every delivery with the customer's secret so their receiver can verify it came from you.

Start free View documentation

Event signal:order.completed| Destination:Webhook| Use case:Per-Tenant Webhooks With HMAC Signing| Typical setup:~25 minutes

Workflow outcome

The product event is small. The downstream effect is not.

The workflow starts with one order.completed event from your product and ends with a signed HTTPS POST to the URL the customer registered inside their workspace.

Each request carries an HMAC signature built from the customer's own secret. The customer's receiver recomputes the signature against the request body and accepts only matching requests.

Why teams care

This is the kind of workflow buyers judge fast

The same pattern is how you set up signed webhooks for internal receivers too: a dev workspace can register a sandbox URL with its own secret while production points at the real endpoint.

This is the most portable customer-facing integration shape. If a customer is not on Slack or a supported CRM, a signed webhook is the universal escape hatch that works with whatever they run.

What it depends on

The supporting pieces behind a credible rollout

These pages stay focused on the workflow outcome, but the setup still needs the right workspace, destination connection, and event path underneath.

Meshes workspace per tenant

One workspace per customer so each tenant has its own webhook URL, secret, and delivery log.

Embedded workspace UI

Mount the embedded Meshes pages so customers can manage their webhook URL and HMAC secret without leaving your product.

Webhooks integration

Review the webhook connection options — authentication, custom headers, payload signing, and HTTP methods — so you know what the customer can configure.

A customer receiver ready to verify signatures

Your customer needs an HTTPS endpoint and a stored secret for verifying the signature header before trusting the request body.

The source event

The payload that creates the downstream business outcome

Event payload

order.completed

{
  "order_id": "ord_lannister_77",
  "customer_id": "cus_lannister",
  "account_id": "acc_casterly",
  "total_cents": 12900,
  "currency": "usd",
  "items": 3,
  "completed_at": "2026-04-17T18:22:00Z"
}

What matters most

order_id
Stable reference the customer correlates against their own systems after verifying the signature.
customer_id + account_id
Customer-facing identifiers that stay meaningful inside the receiver's records.
total_cents + currency
Financial fields where signature verification matters most — the customer cannot afford a spoofed amount.
completed_at
Lets the customer reject requests whose timestamp is too far from the current time as a replay defense.

Field mapping view

What the destination needs from the event

Event field	Destination target	Why it matters
order_id	Request body	Serialize the full payload as JSON so the customer can recompute the HMAC against the exact bytes.
customer_id + account_id	Request body	Keep the receiver's correlation fields inside the signed body so they are protected too.
total_cents + currency	Request body	Never move financial fields outside the signed body.
completed_at	Request body	Combined with the signature timestamp header, gives the receiver two layers of replay protection.

The destination connection

The destination matters, but the connection quality matters just as much

Mount the embedded Meshes UI and mint a workspace-scoped session for the signed-in customer.
Guide the customer to the Connections page and have them add a Webhook connection with the URL their receiver listens on.
The customer selects a signing algorithm and provides the HMAC secret. Meshes stores it scoped to that workspace and never returns it in plaintext after saving.
The customer can rotate the secret at any time from the embed — the next delivery uses the new secret automatically.

Webhooks Integration Meshes quickstart

Where Meshes matters

The product stays simple while the destination still gets the right shape

Most teams do not need another destination. They need the destination to stay in sync without embedding its delivery quirks, retries, and mapping logic into the product code path.

Event

order.completed

Destination

Webhook

Use case

Per-Tenant Webhooks With HMAC Signing

Docs

Webhooks Integration

Keep the request body byte-stable. Any server-side field reshaping breaks the signature the customer computes.
Let the customer pick the HMAC algorithm (HMAC-SHA256 or HMAC-SHA512) when they create the connection.
Use the signature timestamp header the integration provides so the customer can reject stale replays against their configured tolerance window.
If the customer wants a secondary receiver — for an audit log or staging replica — they add a second webhook connection with its own URL and secret.

A sample event

The product-side code stays close to the business event

This is the part teams like: the source event stays readable and product-shaped while Meshes owns the destination-facing complexity.

TypeScript example

One emit call stays close to the business event

import MeshesEventsClient from '@mesheshq/events';

const events = new MeshesEventsClient(tenant.meshesPublishableKey);

await events.emit({
  event: 'order.completed',
  resource: 'order',
  resource_id: 'ord_lannister_77',
  payload: {
    order_id: 'ord_lannister_77',
    customer_id: 'cus_lannister',
    account_id: 'acc_casterly',
    total_cents: 12900,
    currency: 'usd',
    items: 3,
    completed_at: '2026-04-17T18:22:00Z',
  },
});

Destination outcome

Ask the customer to use Send Test Event inside the embedded workspace UI to fire a sample order.completed against their URL. Their receiver should accept the request after signature verification.

Send Events SDK docs

Operational visibility

Delivery history is where this stops feeling like glue code

The difference between a nice demo and a usable product workflow is whether you can see what happened when the destination is slow, misconfigured, or unavailable.

In Meshes

What a healthy workflow looks like

Confirm the event shows up in the workspace event history in the embedded Meshes UI.
Check the Webhook delivery attempt shows a 2xx response and a signed request body in the details view.
On the customer's receiver, verify the signature matches when recomputed against the raw request body and the configured secret.
If the attempt fails, the customer sees the response details in the embed and can rotate the secret, update the URL, or replay the delivery themselves.

Why teams buy Meshes

The workflow stays sellable after launch

Retries are re-signed on each attempt so the receiver never sees a stale signature after a backoff pause.
Per-workspace delivery history lets the customer audit exactly what was delivered and what was not — without your team ever seeing another tenant's data.
Dead-lettered webhooks remain in the workspace for replay. The signing key stays scoped to the tenant so replays stay verifiable.

What's next

Keep exploring the same workflow from different angles

Use Case

Per-Tenant Webhooks With HMAC Signing

See the broader embedded-iPaaS pattern this guide implements across multiple customers.

Open link

Docs

Webhooks Integration

Read the webhook connection reference — authentication modes, custom headers, signing, and HTTP methods.

Open link

Docs

Embedded Workspaces

Understand how the embedded Meshes UI mounts inside your product.

Open link

Docs

Embed Security

See how workspace-scoped sessions keep customer secrets from ever reaching your backend.

Open link

Docs

Session API

Mint workspace-scoped sessions from your backend so each customer only manages their own webhook and secret.

Open link

Guide

Let Customers Connect Their Own Slack from the Embed

See the same embedded pattern applied to a Slack connection instead of a webhook.

Open link

Next stepStart free or keep reading the docs

Ship trustworthy customer webhooks without owning crypto

Let customers register their webhook URL and HMAC secret from the embed. Your product emits one event; Meshes signs every delivery with the tenant's own secret.

Start free View documentation