Skip to content

Custom webhook

Bring your own endpoint.

For developers and ops teams: receive OnCall events at any HTTPS URL. HMAC-SHA256 signed, retry queue with exponential backoff, full delivery log.

  1. 01

    Stand up an HTTPS endpoint

    Any framework that accepts a JSON POST. The URL must be HTTPS — we don't deliver to plain HTTP.

  2. 02

    Add a custom destination in OnCall

    Settings → Integrations → Custom webhook. Paste the URL. We generate a signing secret you'll store in your app's env.

  3. 03

    Verify the HMAC signature on each request

    Header X-OnCall-Signature is sha256=<hex(hmac_sha256(secret, body))>. Constant-time compare in your handler.

  4. 04

    Pick which events to receive

    All 10 by default. Filter to a subset (e.g. only booking.* if you're a calendar app).

  5. 05

    Send a test event

    A sample lead.created payload fires. Confirm signature verification + idempotency.

  6. 06

    Save and watch the delivery log

    Every delivery — success, retry, failure — is logged for 30 days with full request and response.

Idempotency

Each event has a unique event_id. We retry on non-2xx; your handler should be idempotent on event_id.

Retry policy

30s → 2m → 10m → 1h → 6h → 12h. After 6 failed attempts we email the destination owner and disable the destination until manually re-enabled.

Ready to put your AI to work?

Plug and play. Configured automatically for your industry. Pay only when your AI actually works.

Start free — $50 to activate Hear your AI call you

Pay only when AI works · No contracts · Cancel anytime