Outbound webhooks let Atoll notify external systems when work changes.
Use cases
- Notify a deployment system when an issue is marked done.
- Send task changes into a data warehouse.
- Trigger internal automation on assignment or priority changes.
- Mirror updates into Slack, Discord, or another project system.
Create a webhook
atoll webhook create --url https://example.com/atoll-webhook --events issue.created,issue.updated
Or use the API:
{
"url": "https://example.com/atoll-webhook",
"events": ["issue.created", "issue.updated"],
"enabled": true
}
The create response includes a secret. Store it immediately; it is shown only once. Atoll signs deliveries in the X-Atoll-Signature header as sha256=<hmac>, where the HMAC-SHA256 key is the SHA-256 hex digest of that secret and the message is the exact raw request body. Each delivery also includes X-Atoll-Delivery-Id for receiver-side deduplication.
Inspect deliveries
GET /api/webhooks/{id}/deliveries
Delivery history keeps the recent payloads, outcomes, retry status, and next retry time needed for debugging. Atoll retries network failures and 5xx responses after 5s and 30s immediately; longer retries are recorded as retry_pending and drained by a 15-minute internal cron.
Redeliver
POST /api/webhooks/{id}/redeliver/{deliveryId}
Use redelivery after the receiving endpoint has been fixed.
Test
POST /api/webhooks/{id}/test
The test route sends a ping event to confirm the receiver is reachable.
Webhook URLs must use HTTPS DNS hostnames. IP literals, localhost, and .local hosts are rejected, private or otherwise non-public DNS results are blocked at delivery time, and redirects are not followed.