Skip to main content
Webhooks are how you know if a post actually went live or if it exploded.
Prerequisite: You need an API Key and a URL where we can send POST requests.

Setup

  1. Go to the Webhooks Dashboard.
  2. Add your URL (e.g., https://api.yourapp.com/webhooks/bundle).
  3. Get your Signing Secret.
Local Dev: Use ngrok to test locally. ngrok http 3000.

Events

We support these events:
  • post.published: Post is live.
  • post.failed: Post failed (check error details).
  • comment.published: First comment added.
  • social-account.created: User connected an account.
  • social-account.deleted: User disconnected.

Security (Verify It’s Us)

Don’t trust random POST requests. Verify the signature. Header: x-signature Algorithm: HMAC SHA256

Node.js Example

import crypto from 'crypto';

function verifySignature(body: string, signature: string, secret: string) {
  const sig = crypto
    .createHmac('sha256', secret)
    .update(body) // Raw body string
    .digest('hex');

  return sig === signature;
}

// Express Middleware
app.post('/webhook', (req, res) => {
  const signature = req.headers['x-signature'];
  const secret = process.env.BUNDLE_WEBHOOK_SECRET;

  if (!verifySignature(JSON.stringify(req.body), signature, secret)) {
    return res.status(400).send('Nice try, hacker.');
  }

  const event = req.body;
  console.log('Received event:', event.type);
  
  res.send('Received');
});