Configuring Webhooks
VeloGit supports webhooks to deliver real-time event notifications to external systems. Webhooks can be configured at the Organization level (all repos) or at the Repository level (one repo only).
Scope: Org vs. Repository
Section titled “Scope: Org vs. Repository”| Level | Where to configure | Fires for |
|---|---|---|
| Organization | Organization Settings → Webhooks | All repositories in the org |
| Repository | Repository Settings → Webhooks | That repository only |
Events
Section titled “Events”| Event | When it fires |
|---|---|
push | Code is pushed to any branch |
pull_request.created | A new pull request is opened |
comment.created | A comment is posted on a pull request |
ping | Test event — verify your endpoint is reachable |
* | All supported events |
Connector Types
Section titled “Connector Types”VeloGit supports three connector types that control how payloads are formatted.
Standard
Section titled “Standard”A generic JSON payload. Use this for custom integrations or any system that accepts raw JSON.
Formats the payload as a Slack-compatible message. Point the URL at an Incoming Webhook URL from your Slack app. VeloGit will send a message with the repository name, event type, and — for pull request events — the PR title and author.
Discord
Section titled “Discord”Formats the payload as a Discord embed. Point the URL at a Discord channel webhook URL. The message includes the same PR context as the Slack connector.
Signing Secrets
Section titled “Signing Secrets”Every webhook payload is signed with a secret using HMAC SHA-256. You should verify this signature in your receiving application to confirm the request originated from VeloGit.
The signature is sent in the X-VeloGit-Signature-256 header in the format sha256=<hex_digest>.
Secrets are shown only once — at the moment the webhook is created. Copy it before closing the creation dialog. If you lose the secret, delete the webhook and create a new one. If you leave the secret field blank when creating a webhook, VeloGit auto-generates one for you.
Verification Example (Go)
Section titled “Verification Example (Go)”func verifySignature(secret, body, signature string) bool { h := hmac.New(sha256.New, []byte(secret)) h.Write([]byte(body)) expected := "sha256=" + hex.EncodeToString(h.Sum(nil)) return hmac.Equal([]byte(expected), []byte(signature))}Managing Webhooks
Section titled “Managing Webhooks”Adding a webhook
Section titled “Adding a webhook”- Navigate to Organization Settings or Repository Settings.
- Click the Webhooks tab.
- Click Add webhook.
- Enter the target URL, choose a connector type, and optionally enter a signing secret (leave blank to auto-generate).
- Click Save. The signing secret is displayed once — copy it now.
Viewing delivery history
Section titled “Viewing delivery history”Click the history icon next to any webhook to see recent delivery attempts, including the full request payload and the endpoint’s response body and status code.
Testing a webhook
Section titled “Testing a webhook”Click the ping icon next to a webhook to send a test ping event immediately.