Skip to content
Sendora Cloud
Create account
Operate · Webhooks

One signed subscription to the whole platform's event taxonomy — Stripe / Svix delivery posture, zero per-event bill.

Svix Pro is $490/mo for the delivery infra alone; you still ship product events into it. Hookdeck Mid is ~$200/mo. Sendora bundles the same delivery posture (HMAC-SHA256 signed, exponential-backoff retry, replay, delivery log, SSRF-guarded inbound) into every module's event stream natively. One webhook endpoint subscription captures `auth.user_created`, `auth.device_takeover`, `push.token_invalidated`, `email.bounced`, `support.ticket_created`, `csat.detractor`, `billing.subscription_updated`, `automation.run_completed`, `attribution.install_attributed`, and 40+ more — one signed payload format, one rotating secret, one delivery log. The "integrate this" step in every SaaS evaluation, already done.

Coming soon. Webhooks is built and running internally, but not yet generally available while we roll modules out in batches. Start free today with the available modules — we'll enable Webhooks on your account as it ships.

Features

  • One subscription, whole taxonomy — 50+ canonical event types across auth, push, email, sms, links, surveys, automation, billing, support, csat, consent, attribution. Customer subscribes once + their mirror stays in sync.
  • HMAC-SHA256 signingt=…,v1=… header (Stripe convention) so SDKs your team already wrote against Stripe slot in unchanged.
  • Exponential backoff (2s / 8s / 30s / 90s) + permanent-vs-transient HTTP status classification — 4xx (except 408/429) goes permanent fast; 5xx / network / 429 retry.
  • Per-endpoint event filters — subscribe to auth.* only, email.bounced only, whatever. Multiple endpoints per org, each with its own filter.
  • Delivery log + one-click replay — every attempt logged with status code + response body + reconstructed signed-header line. Failed deliveries replay individually or in bulk by event filter.
  • Inbound endpoints with SSRF guard — accept provider callbacks (Stripe, GitHub, Slack) without standing up your own validator stack. lib/url-safety.ts blocks RFC1918, loopback, link-local, cloud-metadata IPs (169.254.169.254, etc.), CGN ranges. Replay-window guard built in.
  • Rotating signing secret — endpoint can hold two active secrets during rotation, both verify, then retire the old one. No webhook outage during key rotation.

Common use cases

Replace Svix ($490+/mo Pro) — the delivery posture is identical (HMAC + exp backoff + replay), the event source ships with it.

Replace Hookdeck (~$200/mo Mid) — same posture, plus you don't have to ship product events into it first.

Mirror Sendora identity / messaging / support into your DB — `auth.device_takeover` deletes the right row, `email.bounced` updates the right user trait, `csat.detractor` flags the right account.

Accept Stripe / GitHub / Slack callbacks without a separate validator service.

Cross-tool wiring — Slack alerts on detractor CSAT, Discord pings on ticket SLA breach, PagerDuty on auth.signin_storm.

Start in minutes. Scale without switching tools.

The free tier covers most side projects. Every module is turn-key and every SDK is first-party.