interactor-webhooks
Enables real-time updates from Interactor via webhooks or Server-Sent Events for dynamic UIs and workflow monitoring.
Install this skill
Security score
The interactor-webhooks skill was audited on Feb 12, 2026 and we found 276 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 697 | console.log(`Received event: ${event.type} (${event.id})`); |
Template literal with variable interpolation in command context
| 701 | console.error(`Failed to process event ${event.id}:`, err); |
Template literal with variable interpolation in command context
| 1135 | const idempotencyKey = `webhook:processed:${event.id}`; |
Template literal with variable interpolation in command context
| 1141 | console.log(`Event ${event.id} already processed, skipping`); |
Template literal with variable interpolation in command context
| 1147 | console.log(`Successfully processed event ${event.id}`); |
Template literal with variable interpolation in command context
| 1173 | const attemptKey = `webhook:attempts:${event.id}`; |
Template literal with variable interpolation in command context
| 1190 | console.error(`Event ${event.id} moved to DLQ after ${attempts} attempts`); |
Template literal with variable interpolation in command context
| 1193 | await alertOps(`Webhook event ${event.id} failed ${attempts} times`); |
Template literal with variable interpolation in command context
| 1195 | console.warn(`Event ${event.id} failed (attempt ${attempts}/${MAX_PROCESS_ATTEMPTS})`); |
Template literal with variable interpolation in command context
| 1208 | console.log(`DLQ item: ${event.id} failed at ${failedAt}: ${error}`); |
Template literal with variable interpolation in command context
| 1378 | headers: { 'Authorization': `Bearer ${authToken}` }, |
Template literal with variable interpolation in command context
| 1382 | return new EventSource(`/api/sse/rooms/${roomId}?token=${token}`); |
Template literal with variable interpolation in command context
| 1399 | `https://core.interactor.com/api/v1/agents/rooms/${req.params.roomId}/stream`, |
Template literal with variable interpolation in command context
| 1400 | { headers: { 'Authorization': `Bearer ${process.env.INTERACTOR_ACCESS_TOKEN}` } } |
Template literal with variable interpolation in command context
| 1405 | res.write(`event: ${event.type}\ndata: ${event.data}\n\n`); |
Template literal with variable interpolation in command context
| 1443 | console.warn(`SSE connection stale (${timeSinceHeartbeat}ms since last heartbeat)`); |
Template literal with variable interpolation in command context
| 1477 | `https://core.interactor.com/api/v1/agents/rooms/${roomId}/stream?token=${token}` |
Template literal with variable interpolation in command context
| 1571 | const url = `https://core.interactor.com/api/v1/agents/rooms/${roomId}/stream?token=${token}`; |
Template literal with variable interpolation in command context
| 1676 | <div key={msg.id} className={`message ${msg.role}`}> |
Template literal with variable interpolation in command context
| 1714 | const url = `${this.baseUrl}/agents/rooms/${roomId}/stream`; |
Template literal with variable interpolation in command context
| 1718 | 'Authorization': `Bearer ${this.token}` |
Template literal with variable interpolation in command context
| 1793 | const url = `${this.baseUrl}/workflows/instances/${instanceId}/stream`; |
Template literal with variable interpolation in command context
| 1797 | 'Authorization': `Bearer ${this.token}` |
Template literal with variable interpolation in command context
| 1949 | ```typescript |
Template literal with variable interpolation in command context
| 2187 | console.log(`[${event.id}] ${event.type}: ${res.status} ${res.statusText}`); |
Template literal with variable interpolation in command context
| 2189 | console.error(`[${event.id}] FAILED:`, error); |
Template literal with variable interpolation in command context
| 2280 | const response = await fetch(`https://core.interactor.com/api/v1${endpoint}`, options); |
Template literal with variable interpolation in command context
| 2284 | console.warn(`Rate limited. Retrying after ${retryAfter}s`); |
Curl to non-GitHub URL
| 47 | curl https://core.interactor.com/api/v1/webhooks/event-types \ |
Curl to non-GitHub URL
| 150 | curl -X POST https://core.interactor.com/api/v1/tokens \ |
Curl to non-GitHub URL
| 164 | curl -X POST https://core.interactor.com/api/v1/webhooks \ |
Curl to non-GitHub URL
| 203 | curl https://core.interactor.com/api/v1/webhooks \ |
Curl to non-GitHub URL
| 229 | curl https://core.interactor.com/api/v1/webhooks/wh_abc \ |
Curl to non-GitHub URL
| 236 | curl -X PUT https://core.interactor.com/api/v1/webhooks/wh_abc \ |
Curl to non-GitHub URL
| 248 | curl -X POST https://core.interactor.com/api/v1/webhooks/wh_abc/toggle \ |
Curl to non-GitHub URL
| 255 | curl -X DELETE https://core.interactor.com/api/v1/webhooks/wh_abc \ |
Curl to non-GitHub URL
| 264 | curl -X POST https://core.interactor.com/api/v1/webhooks/wh_abc/regenerate-secret \ |
Curl to non-GitHub URL
| 286 | curl https://core.interactor.com/api/v1/webhooks/wh_abc/events \ |
Curl to non-GitHub URL
| 321 | curl -X POST https://core.interactor.com/api/v1/webhooks/wh_abc/test \ |
Curl to non-GitHub URL
| 1289 | curl -N https://core.interactor.com/api/v1/workflows/instances/inst_xyz/stream \ |
Curl to non-GitHub URL
| 1317 | curl -N https://core.interactor.com/api/v1/agents/rooms/room_xyz/stream \ |
Curl to non-GitHub URL
| 1970 | // curl -X POST http://localhost:4000/webhooks/interactor \ |
Curl to non-GitHub URL
| 1981 | curl -X POST https://core.interactor.com/api/v1/webhooks/wh_abc/test \ |
Fetch to external URL
| 1376 | const { token } = await fetch('/api/sse-token', { |
Webhook reference - potential data exfiltration
| 2 | name: interactor-webhooks |
Webhook reference - potential data exfiltration
| 3 | description: Receive real-time updates from Interactor via webhooks (push) or Server-Sent Events (pull). Use when building real-time UIs, monitoring credential changes, tracking workflow progress, or |
Webhook reference - potential data exfiltration
| 7 | # Interactor Webhooks and Streaming Skill |
Webhook reference - potential data exfiltration
| 9 | Receive real-time updates from Interactor via webhooks (push to your server) or Server-Sent Events (pull from browser/client). |
Webhook reference - potential data exfiltration
| 22 | - HTTPS endpoint for webhooks (required for production) |
Webhook reference - potential data exfiltration
| 23 | - Understanding of webhook security (signature verification) |
Webhook reference - potential data exfiltration
| 25 | ## Webhooks vs SSE: When to Use Each |
Webhook reference - potential data exfiltration
| 29 | | Backend notifications | **Webhooks** | Server-to-server, reliable delivery | |
Webhook reference - potential data exfiltration
| 30 | | Credential status changes | **Webhooks** | Background processing, no UI needed | |
Webhook reference - potential data exfiltration
| 31 | | Workflow completion | **Webhooks** | Trigger backend actions | |
Webhook reference - potential data exfiltration
| 36 | **General Rule**: Use webhooks for backend-to-backend, SSE for frontend real-time updates. |
Webhook reference - potential data exfiltration
| 40 | ## Webhooks |
Webhook reference - potential data exfiltration
| 42 | Webhooks push events to your server when things happen in Interactor. |
Webhook reference - potential data exfiltration
| 47 | curl https://core.interactor.com/api/v1/webhooks/event-types \ |
Webhook reference - potential data exfiltration
| 75 | | Category | Webhook Events | Description | |
Webhook reference - potential data exfiltration
| 85 | Interactor follows these principles for webhook payload changes: |
Webhook reference - potential data exfiltration
| 99 | - Test against the `/webhooks/:id/test` endpoint after updates |
Webhook reference - potential data exfiltration
| 105 | | `credential.created` | User completes OAuth flow | Webhook | Log for audit, update UI state | |
Webhook reference - potential data exfiltration
| 106 | | `credential.refreshed` | Token auto-refreshed | Webhook | Log for audit (usually no action needed) | |
Webhook reference - potential data exfiltration
| 107 | | `credential.expired` | Refresh token failed | Webhook | **Notify user to reconnect**, disable features | |
Webhook reference - potential data exfiltration
| 108 | | `credential.revoked` | User revoked via provider | Webhook | **Notify user to reconnect**, disable features | |
Webhook reference - potential data exfiltration
| 109 | | `workflow.instance.created` | Workflow started | Webhook | Track in analytics, show in dashboard | |
Webhook reference - potential data exfiltration
| 110 | | `workflow.instance.halted` | Workflow needs user input | Webhook | **Notify user**, show input form | |
Webhook reference - potential data exfiltration
| 111 | | `workflow.instance.completed` | Workflow finished successfully | Webhook | **Process results**, update records | |
Webhook reference - potential data exfiltration
| 112 | | `workflow.instance.failed` | Workflow error | Webhook | **Alert ops**, log error details | |
Webhook reference - potential data exfiltration
| 113 | | `agent.room.message` | AI sent complete message | Webhook | Forward to push notification or websocket | |
Webhook reference - potential data exfiltration
| 114 | | `agent.room.closed` | Chat session ended | Webhook | Log analytics, cleanup resources | |
Webhook reference - potential data exfiltration
| 130 | Webhook management requires specific permissions in Interactor: |
Webhook reference - potential data exfiltration
| 134 | | List webhooks | `webhooks:read` | Admin, Developer | |
Webhook reference - potential data exfiltration
| 135 | | Create webhook | `webhooks:write` | Admin, Developer | |
Webhook reference - potential data exfiltration
| 136 | | Update webhook | `webhooks:write` | Admin, Developer | |
Webhook reference - potential data exfiltration
| 137 | | Delete webhook | `webhooks:delete` | Admin only | |
Webhook reference - potential data exfiltration
| 138 | | Regenerate secret | `webhooks:write` | Admin, Developer | |
Webhook reference - potential data exfiltration
| 139 | | View delivery history | `webhooks:read` | Admin, Developer | |
Webhook reference - potential data exfiltration
| 143 | When creating API tokens for webhook management, request these scopes: |
Webhook reference - potential data exfiltration
| 144 | - `webhooks` - Full webhook management (read + write + delete) |
Webhook reference - potential data exfiltration
| 145 | - `webhooks:read` - Read-only access to webhook configuration |
Webhook reference - potential data exfiltration
| 146 | - `webhooks:write` - Create and update (no delete) |
Webhook reference - potential data exfiltration
| 149 | # Token with full webhook access |
Webhook reference - potential data exfiltration
| 152 | -d '{"name": "Webhook Manager", "scopes": ["webhooks"]}' |
Webhook reference - potential data exfiltration
| 155 | > **Security Note**: Webhook secrets are only shown once at creation and regeneration. Store them securely in environment variables or a secrets manager. |
Webhook reference - potential data exfiltration
| 161 | ### Step 1: Create a Webhook |
Webhook reference - potential data exfiltration
| 164 | curl -X POST https://core.interactor.com/api/v1/webhooks \ |
Webhook reference - potential data exfiltration
| 168 | "url": "https://yourapp.com/webhooks/interactor", |
Webhook reference - potential data exfiltration
| 184 | "url": "https://yourapp.com/webhooks/interactor", |
Webhook reference - potential data exfiltration
| 198 | > **CRITICAL**: Save the `secret` - you'll need it to verify webhook signatures. It's only shown once! |
Webhook reference - potential data exfiltration
| 200 | ### Step 2: List Webhooks |
Webhook reference - potential data exfiltration
| 203 | curl https://core.interactor.com/api/v1/webhooks \ |
Webhook reference - potential data exfiltration
| 211 | "webhooks": [ |
Webhook reference - potential data exfiltration
| 214 | "url": "https://yourapp.com/webhooks/interactor", |
Webhook reference - potential data exfiltration
| 226 | ### Step 3: Get Webhook Details |
Webhook reference - potential data exfiltration
| 229 | curl https://core.interactor.com/api/v1/webhooks/wh_abc \ |
Webhook reference - potential data exfiltration
| 233 | ### Step 4: Update Webhook |
Webhook reference - potential data exfiltration
| 236 | curl -X PUT https://core.interactor.com/api/v1/webhooks/wh_abc \ |
Webhook reference - potential data exfiltration
| 241 | "url": "https://yourapp.com/webhooks/v2/interactor" |
Webhook reference - potential data exfiltration
| 245 | ### Step 5: Toggle Webhook (Enable/Disable) |
Webhook reference - potential data exfiltration
| 248 | curl -X POST https://core.interactor.com/api/v1/webhooks/wh_abc/toggle \ |
Webhook reference - potential data exfiltration
| 252 | ### Step 6: Delete Webhook |
Webhook reference - potential data exfiltration
| 255 | curl -X DELETE https://core.interactor.com/api/v1/webhooks/wh_abc \ |
Webhook reference - potential data exfiltration
| 264 | curl -X POST https://core.interactor.com/api/v1/webhooks/wh_abc/regenerate-secret \ |
Webhook reference - potential data exfiltration
| 279 | > **CRITICAL**: The new secret is only shown once. Update your webhook handler immediately with the new secret. |
Webhook reference - potential data exfiltration
| 286 | curl https://core.interactor.com/api/v1/webhooks/wh_abc/events \ |
Webhook reference - potential data exfiltration
| 316 | ### Step 9: Test Webhook |
Webhook reference - potential data exfiltration
| 321 | curl -X POST https://core.interactor.com/api/v1/webhooks/wh_abc/test \ |
Webhook reference - potential data exfiltration
| 327 | ## Webhook Payload Format |
Webhook reference - potential data exfiltration
| 329 | All webhook events follow this structure: |
Webhook reference - potential data exfiltration
| 531 | ## Verifying Webhook Signatures |
Webhook reference - potential data exfiltration
| 533 | **CRITICAL**: Always verify signatures to ensure webhooks came from Interactor. |
Webhook reference - potential data exfiltration
| 537 | Webhooks include two headers for verification: |
Webhook reference - potential data exfiltration
| 578 | When rotating webhook secrets, you may have a period where both old and new secrets are valid: |
Webhook reference - potential data exfiltration
| 595 | const WEBHOOK_SECRETS = [ |
Webhook reference - potential data exfiltration
| 596 | process.env.INTERACTOR_WEBHOOK_SECRET!, // Current secret |
Webhook reference - potential data exfiltration
| 597 | process.env.INTERACTOR_WEBHOOK_SECRET_PREVIOUS!, // Previous secret (optional) |
Webhook reference - potential data exfiltration
| 603 | 2. Deploy new secret to `INTERACTOR_WEBHOOK_SECRET` |
Webhook reference - potential data exfiltration
| 604 | 3. Keep old secret in `INTERACTOR_WEBHOOK_SECRET_PREVIOUS` for 24-48 hours |
Webhook reference - potential data exfiltration
| 632 | * Validates and verifies the webhook signature using timing-safe comparison. |
Webhook reference - potential data exfiltration
| 670 | '/webhooks/interactor', |
Webhook reference - potential data exfiltration
| 679 | console.warn('Webhook rejected: invalid or stale timestamp'); |
Webhook reference - potential data exfiltration
| 684 | if (!isValidSignature(signatureHeader, payload, process.env.INTERACTOR_WEBHOOK_SECRET!)) { |
Webhook reference - potential data exfiltration
| 685 | console.warn('Webhook rejected: invalid signature'); |
Webhook reference - potential data exfiltration
| 690 | let event: WebhookEvent; |
Webhook reference - potential data exfiltration
| 700 | handleWebhookEvent(event).catch((err) => { |
Webhook reference - potential data exfiltration
| 709 | async function handleWebhookEvent(event: WebhookEvent) { |
Webhook reference - potential data exfiltration
| 759 | // Webhook event types for type safety |
Webhook reference - potential data exfiltration
| 760 | type WebhookEventType = |
Webhook reference - potential data exfiltration
| 772 | // SSE-only event types (not available via webhooks) |
Webhook reference - potential data exfiltration
| 787 | interface WebhookEvent<T = Record<string, unknown>> { |
Webhook reference - potential data exfiltration
| 789 | type: WebhookEventType; |
Webhook reference - potential data exfiltration
| 870 | Validate and verify webhook signature with timing-safe comparison. |
Webhook reference - potential data exfiltration
| 891 | @app.route('/webhooks/interactor', methods=['POST']) |
Webhook reference - potential data exfiltration
| 892 | def handle_webhook(): |
Webhook reference - potential data exfiltration
| 899 | print('Webhook rejected: invalid or stale timestamp') |
Webhook reference - potential data exfiltration
| 903 | if not is_valid_signature(signature_header, payload, os.environ['INTERACTOR_WEBHOOK_SECRET']): |
Webhook reference - potential data exfiltration
| 904 | print('Webhook rejected: invalid signature') |
Webhook reference - potential data exfiltration
| 916 | handle_webhook_event(event) |
Webhook reference - potential data exfiltration
| 921 | def handle_webhook_event(event: dict): |
Webhook reference - potential data exfiltration
| 958 | defmodule MyAppWeb.WebhookController do |
Webhook reference - potential data exfiltration
| 963 | # Maximum body size for webhooks (1MB should be plenty) |
Webhook reference - potential data exfiltration
| 976 | secret <- Application.fetch_env!(:my_app, :interactor_webhook_secret), |
Webhook reference - potential data exfiltration
| 1089 | Interactor retries failed webhook deliveries with exponential backoff: |
Webhook reference - potential data exfiltration
| 1099 | After 5 failed attempts, the webhook is **disabled**. Re-enable via the toggle endpoint. |
Webhook reference - potential data exfiltration
| 1103 | Your webhook handler's HTTP response determines Interactor's retry behavior: |
Webhook reference - potential data exfiltration
| 1134 | async function handleWebhookEvent(event: WebhookEvent) { |
Webhook reference - potential data exfiltration
| 1135 | const idempotencyKey = `webhook:processed:${event.id}`; |
Webhook reference - potential data exfiltration
| 1170 | const DLQ_KEY = 'webhook:dlq'; |
Webhook reference - potential data exfiltration
| 1172 | async function handleWebhookEvent(event: WebhookEvent) { |
Webhook reference - potential data exfiltration
| 1173 | const attemptKey = `webhook:attempts:${event.id}`; |
Webhook reference - potential data exfiltration
| 1193 | await alertOps(`Webhook event ${event.id} failed ${attempts} times`); |
Webhook reference - potential data exfiltration
| 1216 | Track webhook health with these metrics: |
Webhook reference - potential data exfiltration
| 1223 | // Webhook metrics |
Webhook reference - potential data exfiltration
| 1224 | const webhookReceived = new Counter({ |
Webhook reference - potential data exfiltration
| 1225 | name: 'interactor_webhook_received_total', |
Webhook reference - potential data exfiltration
| 1226 | help: 'Total webhooks received', |
Webhook reference - potential data exfiltration
| 1230 | const webhookProcessingDuration = new Histogram({ |
Webhook reference - potential data exfiltration
| 1231 | name: 'interactor_webhook_processing_duration_seconds', |
Webhook reference - potential data exfiltration
| 1232 | help: 'Webhook processing duration in seconds', |
Webhook reference - potential data exfiltration
| 1237 | const webhookDLQSize = new Gauge({ |
Webhook reference - potential data exfiltration
| 1238 | name: 'interactor_webhook_dlq_size', |
Webhook reference - potential data exfiltration
| 1243 | app.post('/webhooks/interactor', async (req, res) => { |
Webhook reference - potential data exfiltration
| 1244 | const timer = webhookProcessingDuration.startTimer(); |
Webhook reference - potential data exfiltration
| 1250 | webhookReceived.inc({ event_type: 'unknown', status: 'invalid_signature' }); |
Webhook reference - potential data exfiltration
| 1255 | webhookReceived.inc({ event_type: event.type, status: 'success' }); |
Webhook reference - potential data exfiltration
| 1257 | await handleWebhookEvent(event); |
Webhook reference - potential data exfiltration
| 1262 | webhookReceived.inc({ event_type: 'unknown', status: 'processing_error' }); |
Webhook reference - potential data exfiltration
| 1273 | | `webhook_received_total{status="invalid_signature"}` | >5 in 5min | Possible secret mismatch or attack | |
Webhook reference - potential data exfiltration
| 1274 | | `webhook_processing_duration_seconds` | p99 >5s | Risk of timeout, scale handlers | |
Webhook reference - potential data exfiltration
| 1275 | | `webhook_dlq_size` | >0 | Events need manual review | |
Webhook reference - potential data exfiltration
| 1276 | | `webhook_received_total{status="processing_error"}` | >10 in 5min | Handler bugs, investigate logs | |
Webhook reference - potential data exfiltration
| 1890 | | Webhooks per account | 50 | |
Webhook reference - potential data exfiltration
| 1892 | | Events per webhook | Unlimited | |
Webhook reference - potential data exfiltration
| 1898 | ### Webhooks |
Webhook reference - potential data exfiltration
| 1904 | 5. **Monitor delivery** - Check webhook events list for failures |
Webhook reference - potential data exfiltration
| 1905 | 6. **Use HTTPS** - Required for production webhooks |
Webhook reference - potential data exfiltration
| 1913 | 5. **Use for frontend only** - For backend, prefer webhooks |
Webhook reference - potential data exfiltration
| 1919 | ### Testing Webhooks Locally |
Webhook reference - potential data exfiltration
| 1921 | Webhooks require a publicly accessible URL. For local development: |
Webhook reference - potential data exfiltration
| 1928 | # Use the generated URL for your webhook |
Webhook reference - potential data exfiltration
| 1929 | # Example: https://abc123.ngrok.io/webhooks/interactor |
Webhook reference - potential data exfiltration
| 1937 | # Use the generated URL for your webhook |
Webhook reference - potential data exfiltration
| 1945 | ### Testing Webhook Signature Verification |
Webhook reference - potential data exfiltration
| 1950 | // test-webhook-signature.ts |
Webhook reference - potential data exfiltration
| 1970 | // curl -X POST http://localhost:4000/webhooks/interactor \ |
Webhook reference - potential data exfiltration
| 1981 | curl -X POST https://core.interactor.com/api/v1/webhooks/wh_abc/test \ |
Webhook reference - potential data exfiltration
| 1985 | This sends a test event to your webhook URL to verify it's working. |
Webhook reference - potential data exfiltration
| 1989 | Import this collection to test webhook handling: |
Webhook reference - potential data exfiltration
| 1993 | "info": { "name": "Interactor Webhooks", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, |
Webhook reference - potential data exfiltration
| 1995 | { "key": "webhook_secret", "value": "whsec_your_test_secret" }, |
Webhook reference - potential data exfiltration
| 1996 | { "key": "webhook_url", "value": "http://localhost:4000/webhooks/interactor" } |
Webhook reference - potential data exfiltration
| 2000 | "name": "Test Webhook - Credential Expired", |
Webhook reference - potential data exfiltration
| 2003 | "url": "{{webhook_url}}", |
Webhook reference - potential data exfiltration
| 2024 | const signature = crypto.HmacSHA256(payload, pm.variables.get('webhook_secret')).toString(); |
Webhook reference - potential data exfiltration
| 2038 | describe('Webhook Handler', () => { |
Webhook reference - potential data exfiltration
| 2039 | const WEBHOOK_SECRET = 'whsec_test_secret_123'; |
Webhook reference - potential data exfiltration
| 2042 | process.env.INTERACTOR_WEBHOOK_SECRET = WEBHOOK_SECRET; |
Webhook reference - potential data exfiltration
| 2046 | return 'sha256=' + crypto.createHmac('sha256', WEBHOOK_SECRET).update(payload).digest('hex'); |
Webhook reference - potential data exfiltration
| 2053 | it('accepts valid webhook', async () => { |
Webhook reference - potential data exfiltration
| 2062 | .post('/webhooks/interactor') |
Webhook reference - potential data exfiltration
| 2076 | .post('/webhooks/interactor') |
Webhook reference - potential data exfiltration
| 2090 | .post('/webhooks/interactor') |
Webhook reference - potential data exfiltration
| 2104 | .post('/webhooks/interactor') |
Webhook reference - potential data exfiltration
| 2125 | .post('/webhooks/interactor') |
Webhook reference - potential data exfiltration
| 2133 | .post('/webhooks/interactor') |
Webhook reference - potential data exfiltration
| 2150 | // scripts/replay-webhook-events.ts |
Webhook reference - potential data exfiltration
| 2155 | webhookUrl: string; |
Webhook reference - potential data exfiltration
| 2156 | webhookSecret: string; |
Webhook reference - potential data exfiltration
| 2161 | async function replayEvents({ webhookUrl, webhookSecret, events, delayMs = 100 }: ReplayOptions) { |
Webhook reference - potential data exfiltration
| 2172 | .createHmac('sha256', webhookSecret) |
Webhook reference - potential data exfiltration
| 2177 | const res = await fetch(webhookUrl, { |
Webhook reference - potential data exfiltration
| 2203 | webhookUrl: 'http://localhost:4000/webhooks/interactor', |
Webhook reference - potential data exfiltration
| 2204 | webhookSecret: process.env.INTERACTOR_WEBHOOK_SECRET!, |
Webhook reference - potential data exfiltration
| 2213 | ### Webhook API Errors |
Webhook reference - potential data exfiltration
| 2217 | | `webhook_not_found` | 404 | Webhook ID doesn't exist | Verify webhook ID, may have been deleted | |
Webhook reference - potential data exfiltration
| 2220 | | `webhook_disabled` | 400 | Webhook disabled after failures | Fix endpoint issues, then toggle to re-enable | |
Webhook reference - potential data exfiltration
| 2221 | | `max_webhooks_exceeded` | 400 | Account webhook limit reached | Delete unused webhooks or contact support | |
Webhook reference - potential data exfiltration
| 2222 | | `url_unreachable` | 400 | Cannot reach webhook URL | Ensure URL is publicly accessible | |
Webhook reference - potential data exfiltration
| 2228 | ### Webhook Delivery Errors |
Webhook reference - potential data exfiltration
| 2297 | When implementing webhooks/streaming, provide this summary: |
Webhook reference - potential data exfiltration
| 2300 | ## Webhooks & Streaming Implementation Report |
Webhook reference - potential data exfiltration
| 2304 | ### Webhooks Configured |
Webhook reference - potential data exfiltration
| 2305 | | Webhook ID | URL | Events | Status | |
Webhook reference - potential data exfiltration
| 2307 | | wh_abc | https://app.com/webhooks | credential.*, workflow.* | ✓ Active | |
Webhook reference - potential data exfiltration
| 2328 | - [ ] Webhook endpoint uses HTTPS (required for production) |
Webhook reference - potential data exfiltration
| 2332 | - [ ] Webhook secret stored in environment variable (not in code) |
Webhook reference - potential data exfiltration
| 2337 | - [ ] Respond to webhooks within 5 seconds |
Webhook reference - potential data exfiltration
| 2345 | - [ ] Webhook received counter (by event_type, status) |
Webhook reference - potential data exfiltration
| 2361 | - [ ] Integration tests with test webhook endpoint |
Ngrok tunnel reference
| 1923 | **Option 1: ngrok (Recommended)** |
Ngrok tunnel reference
| 1925 | # Install ngrok: https://ngrok.com/download |
Ngrok tunnel reference
| 1926 | ngrok http 4000 # For Phoenix default port |
Ngrok tunnel reference
| 1929 | # Example: https://abc123.ngrok.io/webhooks/interactor |
Access to .env file
| 596 | process.env.INTERACTOR_WEBHOOK_SECRET!, // Current secret |
Access to .env file
| 597 | process.env.INTERACTOR_WEBHOOK_SECRET_PREVIOUS!, // Previous secret (optional) |
Access to .env file
| 684 | if (!isValidSignature(signatureHeader, payload, process.env.INTERACTOR_WEBHOOK_SECRET!)) { |
Access to .env file
| 1367 | process.env.SSE_TOKEN_SECRET, |
Access to .env file
| 1400 | { headers: { 'Authorization': `Bearer ${process.env.INTERACTOR_ACCESS_TOKEN}` } } |
Access to .env file
| 1868 | process.env.INTERACTOR_ACCESS_TOKEN! |
Access to .env file
| 2042 | process.env.INTERACTOR_WEBHOOK_SECRET = WEBHOOK_SECRET; |
Access to .env file
| 2204 | webhookSecret: process.env.INTERACTOR_WEBHOOK_SECRET!, |
External URL reference
| 47 | curl https://core.interactor.com/api/v1/webhooks/event-types \ |
External URL reference
| 150 | curl -X POST https://core.interactor.com/api/v1/tokens \ |
External URL reference
| 164 | curl -X POST https://core.interactor.com/api/v1/webhooks \ |
External URL reference
| 168 | "url": "https://yourapp.com/webhooks/interactor", |
External URL reference
| 184 | "url": "https://yourapp.com/webhooks/interactor", |
External URL reference
| 203 | curl https://core.interactor.com/api/v1/webhooks \ |
External URL reference
| 214 | "url": "https://yourapp.com/webhooks/interactor", |
External URL reference
| 229 | curl https://core.interactor.com/api/v1/webhooks/wh_abc \ |
External URL reference
| 236 | curl -X PUT https://core.interactor.com/api/v1/webhooks/wh_abc \ |
External URL reference
| 241 | "url": "https://yourapp.com/webhooks/v2/interactor" |
External URL reference
| 248 | curl -X POST https://core.interactor.com/api/v1/webhooks/wh_abc/toggle \ |
External URL reference
| 255 | curl -X DELETE https://core.interactor.com/api/v1/webhooks/wh_abc \ |
External URL reference
| 264 | curl -X POST https://core.interactor.com/api/v1/webhooks/wh_abc/regenerate-secret \ |
External URL reference
| 286 | curl https://core.interactor.com/api/v1/webhooks/wh_abc/events \ |
External URL reference
| 321 | curl -X POST https://core.interactor.com/api/v1/webhooks/wh_abc/test \ |
External URL reference
| 1289 | curl -N https://core.interactor.com/api/v1/workflows/instances/inst_xyz/stream \ |
External URL reference
| 1317 | curl -N https://core.interactor.com/api/v1/agents/rooms/room_xyz/stream \ |
External URL reference
| 1399 | `https://core.interactor.com/api/v1/agents/rooms/${req.params.roomId}/stream`, |
External URL reference
| 1419 | // Access-Control-Allow-Origin: https://yourdomain.com |
External URL reference
| 1423 | // connect-src 'self' https://core.interactor.com; |
External URL reference
| 1477 | `https://core.interactor.com/api/v1/agents/rooms/${roomId}/stream?token=${token}` |
External URL reference
| 1571 | const url = `https://core.interactor.com/api/v1/agents/rooms/${roomId}/stream?token=${token}`; |
External URL reference
| 1867 | 'https://core.interactor.com/api/v1', |
External URL reference
| 1925 | # Install ngrok: https://ngrok.com/download |
External URL reference
| 1929 | # Example: https://abc123.ngrok.io/webhooks/interactor |
External URL reference
| 1942 | cloudflared tunnel --url http://localhost:4000 |
External URL reference
| 1970 | // curl -X POST http://localhost:4000/webhooks/interactor \ |
External URL reference
| 1981 | curl -X POST https://core.interactor.com/api/v1/webhooks/wh_abc/test \ |
External URL reference
| 1993 | "info": { "name": "Interactor Webhooks", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, |
External URL reference
| 1996 | { "key": "webhook_url", "value": "http://localhost:4000/webhooks/interactor" } |
External URL reference
| 2203 | webhookUrl: 'http://localhost:4000/webhooks/interactor', |
External URL reference
| 2218 | | `invalid_url` | 400 | URL not valid HTTPS | Use `https://` URL (HTTP only in dev) | |
External URL reference
| 2280 | const response = await fetch(`https://core.interactor.com/api/v1${endpoint}`, options); |
External URL reference
| 2307 | | wh_abc | https://app.com/webhooks | credential.*, workflow.* | ✓ Active | |