Webhooks that deliver. And retry. And stay signed.
Standard Webhooks spec. HMAC-SHA256 signed. BullMQ-backed delivery with 8-attempt exponential retry.
Your webhook handler fails once. Does your platform even notice?
Webhooks without retries are a single point of failure. Webhooks without signing are a security hole. Webhooks without a delivery log are a debugging nightmare.
Appstrate ships the full Standard Webhooks spec: HMAC signing, exponential backoff, full delivery history, per-app scoping, secret rotation.
Subscribe. Sign. Retry. Log.
Create a webhook, receive signed events, failures retry 8 times over ~24h, every delivery is queryable.
Every piece of Appstrate is a declared, versioned artifact — the agent, its tools, its skills, its provider connections. You describe them once; the platform handles packaging, dependencies, isolation, and execution.
Each section below goes deeper on what that means for webhooks that deliver. and retry. and stay signed.
View the full example in the docs →What makes it work.
HMAC-SHA256 signed
Standard Webhooks spec. Tamper detection.
8-attempt retry
Exponential backoff. Full delivery log per attempt.
SSRF protection
Outbound URLs validated. No metadata endpoint leaks.
Secret rotation
Rotate instantly. Previous secret invalidated.
Works great with
Webhooks that reach their destination.
Signed, retried, logged. Standard Webhooks spec, all the way down.