Send an event to a published Rules Automation webhook trigger at https://rule-automation.transcend.io or https://rule-automation.us.transcend.io. N.B. This is not a Sombra or api.transcend.io route.
Transcend validates the request, verifies the HMAC signature, and enqueues the payload for asynchronous rule evaluation and action execution (for example, a Custom Function). The caller receives an immediate acknowledgment and is not blocked waiting for action completion.
Configure the signing key, algorithm (sha256 or sha1), signature header, and optional timestamp fields in the Admin Dashboard when creating the webhook trigger. See the Rules Automation webhook guide for details.
POST
/api/v1/webhooks/{webhookId}Each request is authenticated with an HMAC signature. Transcend verifies the signature over the raw request body using the signing key, algorithm (sha256 or sha1), and signature header you configure on the webhook trigger in the Admin Dashboard.
The signature header name is configurable per webhook trigger (for example, X-Hub-Signature-256 for GitHub or X-Signature for Customer.io).
content-typestringSpecify content-type: application/json for a JSON response from the Transcend API. |
application/json
Any JSON payload sent by the external provider — a JSON object or array. The entire request body is forwarded unchanged to the rule's action (for example, a Custom Function), so there is no fixed schema.
Request Body Example
User created event:
{
"event": "user.created",
"user": {
"id": "usr_123",
"email": "user@example.com"
},
"timestamp": "2026-06-08T16:07:14Z"
}200 (OK)
application/jsonWebhook accepted for asynchronous processing. Custom Function or other action execution happens after this response.
Response Body
acceptedboolean(required)enum:"true"Whether the webhook was accepted for asynchronous processing. |
Unique message ID for tracing and deduplication. |
Response Body Example
Accepted:
{
"accepted": true,
"messageId": "550e8400-e29b-41d4-a716-446655440000"
}400 (Bad Request)
application/jsonMalformed request body.
Response Body
errorstring(required)Human-readable error message. |
Response Body Example
Invalid JSON:
{
"error": "Invalid JSON payload"
}401 (Unauthorized)
application/jsonHMAC signature verification failed.
Response Body
errorstring(required)Human-readable error message. |
Response Body Example
Invalid signature:
{
"error": "Invalid webhook signature"
}404 (Not Found)
application/jsonWebhook trigger not found or rule is not active.
Response Body
errorstring(required)Human-readable error message. |
Response Body Example
Webhook not found:
{
"error": "Webhook not found"
}405 (Method Not Allowed)
application/jsonOnly POST is supported.
Response Body
errorstring(required)Human-readable error message. |
Response Body Example
Method not allowed:
{
"error": "Method not allowed"
}413 (Request Entity Too Large)
application/jsonRequest body exceeds the maximum payload size (default 1 MB).
Response Body
errorstring(required)Human-readable error message. |
Response Body Example
Payload too large:
{
"error": "Payload too large"
}415 (Unsupported Media Type)
application/jsonContent-Type must be application/json.
Response Body
errorstring(required)Human-readable error message. |
Response Body Example
Unsupported content type:
{
"error": "Unsupported content type"
}429 (Too Many Requests)
application/jsonRate limit exceeded. The response includes a Retry-After header (seconds). Default limits: 100 requests per webhook and 1,000 requests per organization per 60-second window.
Response Headers
Retry-Afterinteger |
Response Body
errorstring(required)Human-readable error message. |
Response Body Example
Rate limit exceeded:
{
"error": "Rate limit exceeded"
}500 (Internal Server Error)
application/jsonInternal server error.
Response Body
errorstring(required)Human-readable error message. |
Response Body Example
Internal server error:
{
"error": "Internal server error"
}