Webhooks

Webhooks let you receive automatic HTTP notifications when events happen in your workspace - a link is created, a domain is verified, a member is removed, and more. Use them to connect nobsredir to Slack, Zapier, your CRM, or any system that can receive HTTP requests.

Available on Pro, Team, and Agency plans.

How it works

You create a webhook in your workspace and point it at a URL you control
You choose which events you care about (e.g. link.created, link.deleted)
When one of those events happens, we send an HTTP POST to your URL with the event details
Your server processes the event and responds with a 2xx status code

That’s it. No polling, no delays.

Create a webhook

Go to Settings > Webhooks
Click New Webhook
Enter a name, your HTTPS endpoint URL, and select the events you want
Click Create
Copy the secret immediately - it’s only shown once

Event	What happened
link.created	A link was created (single or bulk)
link.updated	A link’s target, slug, tags, or settings changed
link.deleted	A link was deleted (single or bulk)
link.expired	An expired link was accessed for the first time after its expiry date
link.broken	A monitored link started returning errors
link.recovered	A previously broken link started working again
domain.added	A custom domain was added
domain.verified	A custom domain passed DNS verification
domain.removed	A custom domain was deleted
member.added	A member was added to the workspace
member.removed	A member was removed
member.role_changed	A member’s role was changed

What you receive

Each webhook delivery is a JSON POST request. Here’s what a link.created event looks like:

{
  "id": "evt_a1b2c3d4e5f6g7h8",
  "type": "link.created",
  "workspace_id": "ws_abc123",
  "timestamp": "2025-01-20T14:05:00.000Z",
  "data": {
    "id": "lnk_xyz789",
    "domain": "go.yourco.com",
    "slug": "demo",
    "target": "https://example.com/page",
    "short_url": "https://go.yourco.com/demo"
  }
}

The data field contains the relevant details for each event type.

Test your webhook

After creating a webhook, click Test to send a test event to your endpoint. This lets you verify your server is receiving and processing events correctly before real events start firing.

The test response shows the HTTP status code, response time, and any errors - so you can debug issues without waiting for real events.

Manage webhooks

Pause delivery

Set a webhook to inactive to temporarily stop receiving events. Events that happen while paused are not queued - they’re simply skipped. Reactivate when you’re ready.

Rotate secret

If your webhook secret is compromised, click Rotate Secret to generate a new one. The old secret stops working immediately. Update your server with the new secret right away.

Delivery logs

Every delivery attempt is logged with the HTTP status code, response time, and success/failure status. Logs are kept for 7 days.

Filter by success or failure to quickly find issues.

Security

Verifying signatures

Every webhook delivery includes an X-Webhook-Signature header. Always verify this signature in your handler to confirm the request came from nobsredir, not a third party.

The signature is an HMAC-SHA256 hash of the timestamp and body, using your webhook secret as the key. See the developer docs for verification code in Node.js and Python.

URL requirements

Must use HTTPS (not HTTP)
Cannot point to private/internal addresses (localhost, 192.168.x.x, 10.x.x.x, etc.)
Maximum 2048 characters

Limits

Plan	Max webhooks per workspace
Free	Not available
Pro	3
Team	10
Agency	25

Good to know

Best-effort delivery - events are sent once. If your server is down, the event is logged as failed but not retried. Check delivery logs to catch any missed events.
5-second timeout - if your endpoint doesn’t respond within 5 seconds, the delivery is marked as failed.
Ordering - events are delivered in approximate order. If strict ordering matters, use the timestamp field in the payload.