Skip to content

Configuring Webhooks

VeloGit supports webhooks to deliver real-time event notifications to external systems. Webhooks can be configured at the Organization level (all repos) or at the Repository level (one repo only).

LevelWhere to configureFires for
OrganizationOrganization Settings → WebhooksAll repositories in the org
RepositoryRepository Settings → WebhooksThat repository only
EventWhen it fires
pushCode is pushed to any branch
pull_request.createdA new pull request is opened
comment.createdA comment is posted on a pull request
pingTest event — verify your endpoint is reachable
*All supported events

VeloGit supports three connector types that control how payloads are formatted.

A generic JSON payload. Use this for custom integrations or any system that accepts raw JSON.

Formats the payload as a Slack-compatible message. Point the URL at an Incoming Webhook URL from your Slack app. VeloGit will send a message with the repository name, event type, and — for pull request events — the PR title and author.

Formats the payload as a Discord embed. Point the URL at a Discord channel webhook URL. The message includes the same PR context as the Slack connector.

Every webhook payload is signed with a secret using HMAC SHA-256. You should verify this signature in your receiving application to confirm the request originated from VeloGit.

The signature is sent in the X-VeloGit-Signature-256 header in the format sha256=<hex_digest>.

Secrets are shown only once — at the moment the webhook is created. Copy it before closing the creation dialog. If you lose the secret, delete the webhook and create a new one. If you leave the secret field blank when creating a webhook, VeloGit auto-generates one for you.

func verifySignature(secret, body, signature string) bool {
h := hmac.New(sha256.New, []byte(secret))
h.Write([]byte(body))
expected := "sha256=" + hex.EncodeToString(h.Sum(nil))
return hmac.Equal([]byte(expected), []byte(signature))
}
  1. Navigate to Organization Settings or Repository Settings.
  2. Click the Webhooks tab.
  3. Click Add webhook.
  4. Enter the target URL, choose a connector type, and optionally enter a signing secret (leave blank to auto-generate).
  5. Click Save. The signing secret is displayed once — copy it now.

Click the history icon next to any webhook to see recent delivery attempts, including the full request payload and the endpoint’s response body and status code.

Click the ping icon next to a webhook to send a test ping event immediately.