
Outbound webhooks

Get a signed HTTP POST to your own endpoint the moment something happens in your server.

Webhooks are the push counterpart to the REST API: instead of you polling HoneyGate, HoneyGate calls your URL the instant something happens. Available on every plan.

Setup

In the admin panel under Webhooks (/admin/outbound-webhooks/), add a subscription with:

Each subscription gets a unique signing secret. You can have up to 10 active subscriptions per server.

Events you can subscribe to

A selection of the available events:

Subscribe to * to receive everything.

Payload

Every delivery is a POST with a JSON body:

{
  "event": "gate.passed",
  "guild_id": 123456789012345678,
  "data": { "...": "event-specific fields" },
  "webhook_id": 42,
  "timestamp": "2026-04-23T14:30:15Z"
}

Useful headers on each request:

Verifying the signature

Each request is signed so you can trust it came from HoneyGate. The signature is an HMAC-SHA256 of the raw JSON body, using your subscription's secret, sent as:

X-HoneyGate-Signature: sha256=<hex digest>

To verify: compute HMAC-SHA256(rawBody, yourSecret) and compare it to the value after sha256= (use a constant-time compare). If they don't match, reject the request.

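// Node.js example
const crypto = require('crypto');
// YOUR_SECRET: the subscription's signing secret
// sigHeader: the value of the X-HoneyGate-Signature header
const expected = Buffer.from('sha256=' + crypto
  .createHmac('sha256', YOUR_SECRET)
  .update(rawBody)            // the exact bytes you received
  .digest('hex'));
const received = Buffer.from(sigHeader || '');
// timingSafeEqual throws if the lengths differ, so compare lengths first
const ok = expected.length === received.length &&
  crypto.timingSafeEqual(expected, received);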
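
The check above wired into a receiver function, as an added example (not HoneyGate's own code): it verifies the raw bytes before parsing and shows why a parsed-then-re-stringified body fails, since the sample guild_id exceeds Number.MAX_SAFE_INTEGER and loses precision in JSON.parse. SECRET, RAW_BODY, the function names and the returned status codes are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample values for illustration, not real HoneyGate data.
const SECRET = 'example-signing-secret';
const RAW_BODY = Buffer.from(
  '{"event":"gate.passed","guild_id":123456789012345678,"data":{},' +
  '"webhook_id":42,"timestamp":"2026-04-23T14:30:15Z"}');

// Header value for a body: 'sha256=' + hex HMAC-SHA256 keyed with the secret.
function sign(body, secret) {
  return 'sha256=' + crypto.createHmac('sha256', secret).update(body).digest('hex');
}

// Constant-time check that never throws on a missing or wrong-length header.
function verify(rawBody, sigHeader, secret) {
  if (typeof sigHeader !== 'string') return false;
  const expected = Buffer.from(sign(rawBody, secret));
  const received = Buffer.from(sigHeader);
  return expected.length === received.length &&
    crypto.timingSafeEqual(expected, received);
}

// Verify first, parse second: unauthenticated bytes never reach JSON.parse.
// The status codes are this example's choice, not specified by the page.
function handleDelivery(rawBody, sigHeader, secret) {
  if (!verify(rawBody, sigHeader, secret)) return { status: 401 };
  try {
    const payload = JSON.parse(rawBody.toString('utf8'));
    return { status: 200, event: payload.event };
  } catch {
    return { status: 400 };
  }
}

// What a JSON body parser leaves you with if you re-stringify its output:
// guild_id loses precision, so the bytes (and therefore the HMAC) differ.
function reserialize(rawBody) {
  return Buffer.from(JSON.stringify(JSON.parse(rawBody.toString('utf8'))));
}

const sig = sign(RAW_BODY, SECRET); // stands in for the X-HoneyGate-Signature header
console.log(handleDelivery(RAW_BODY, sig, SECRET));              // accepted
console.log(handleDelivery(reserialize(RAW_BODY), sig, SECRET)); // rejected
console.log(handleDelivery(RAW_BODY, 'sha256=short', SECRET));   // rejected
```

In a real receiver, capture the request body as a Buffer before any JSON middleware runs and pass that Buffer to the verification step.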

Delivery & retries