Receive a webhook (called by your external system)
webhooks
Receive a webhook (called by your external system)
The public receiver endpoint your external system POSTs to. It carries no API-key/JWT auth — the trust boundary is the HMAC signature verified on the raw request body, and the tenant is resolved from the URL slug. An unknown slug or webhook returns 404 (never 401, to avoid leaking existence); a signature failure returns 401; over-limit returns 429. On success it acks 202 within ~50ms and dispatches the job off-path. See the Receive webhooks guide. This endpoint is not callable from the interactive playground.
POST
Receive a webhook (called by your external system)