Overview

Layeron Webhooks gives your backend a reliable way to receive events from providers such as Stripe and custom vendors, and to send signed events to other systems.

You declare a webhook in application code. Layeron creates the public endpoint, stores every event record, keeps payloads available for inspection and replay, queues handler work, and connects webhook secrets to the Secrets product.

import { backend, secret } from "@layeron/core"
import { webhooks } from "@layeron/modules"

const app = backend()

const stripe = webhooks.stripe({
  path: "/webhooks/stripe",
  secret: secret("STRIPE_WEBHOOK_SECRET"),
  on: {
    "invoice.paid": async (event) => {
      console.log("Paid invoice", event.payload)
    },
  },
})

app.use(stripe)

Webhooks covers the workflows application teams need in production:

  • Receive provider events on a stable path or a dedicated hostname.
  • Verify HMAC signatures with provider presets or custom rules.
  • Store event records, headers, payload references, attempts, and replay history.
  • Deduplicate repeated provider deliveries by event ID or a custom key.
  • Process inbound work from a queue with retries and dead-letter behavior.
  • Send outbound webhooks to one or more endpoints.
  • Sign outbound deliveries with Secrets-backed signing keys.
  • List, inspect, and replay events from application code or a dashboard.
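To make the signature-verification and deduplication items above concrete, here is an added example (not Layeron's code or API) of the checks a Stripe-style preset has to perform: HMAC-SHA256 over `timestamp.rawBody` as in Stripe's documented `Stripe-Signature` scheme, a constant-time comparison, a replay window, and dedupe by event ID. The function names, the 300-second tolerance, the in-memory `Set`, and the sample secret and payload are assumptions made for this sketch.

```javascript
const crypto = require("node:crypto");

const TOLERANCE_SECONDS = 300; // assumed replay window for this example
const seen = new Set();        // in-memory stand-in for a durable dedupe store

// Parse "t=<unix>,v1=<hex>[,v1=<hex>...]" into a timestamp and candidate signatures.
function parseSignatureHeader(header) {
  const parts = { t: null, v1: [] };
  for (const item of String(header || "").split(",")) {
    const [key, value] = item.trim().split("=", 2);
    if (key === "t") parts.t = value;
    else if (key === "v1" && value) parts.v1.push(value);
  }
  return parts;
}

function sign(secret, timestamp, rawBody) {
  return crypto.createHmac("sha256", secret).update(`${timestamp}.${rawBody}`).digest("hex");
}

// Returns { ok, reason }. rawBody must be the exact body received, not re-serialized JSON.
function verifyAndDedupe(rawBody, header, secret, now = Math.floor(Date.now() / 1000)) {
  const { t, v1 } = parseSignatureHeader(header);
  if (!/^\d+$/.test(t || "") || v1.length === 0) return { ok: false, reason: "malformed-header" };
  const expected = Buffer.from(sign(secret, t, rawBody), "hex");
  const match = v1.some((sig) => {
    const got = Buffer.from(sig, "hex");
    // timingSafeEqual throws on unequal lengths, so check length first.
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  });
  if (!match) return { ok: false, reason: "bad-signature" };
  // Reject old timestamps so a captured request cannot be replayed later.
  if (Math.abs(now - Number(t)) > TOLERANCE_SECONDS) return { ok: false, reason: "stale-timestamp" };
  let eventId;
  try { eventId = JSON.parse(rawBody).id; } catch { return { ok: false, reason: "invalid-json" }; }
  if (typeof eventId !== "string") return { ok: false, reason: "missing-event-id" };
  // Only authenticated events reach the dedupe store, so forged IDs cannot poison it.
  if (seen.has(eventId)) return { ok: false, reason: "duplicate" };
  seen.add(eventId);
  return { ok: true, reason: "accepted" };
}

// Constructed sample input (not real Stripe data).
const SECRET = "whsec_constructed_example";
const BODY = JSON.stringify({ id: "evt_constructed_1", type: "invoice.paid" });
const NOW = 1700000000;
const HEADER = `t=${NOW},v1=${sign(SECRET, NOW, BODY)}`;
```

The order of checks matters: the signature is verified before the body is parsed or the event ID is recorded, so unauthenticated input never reaches JSON handling or the dedupe store.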

Webhooks has five core concepts:

  • Inbound webhook: A public endpoint that receives provider events and runs your handler.
  • Outbound webhook: A named publisher that sends events to configured endpoints.
  • Signature: The verification or signing rule for a webhook.
  • Event record: The durable record of one inbound or outbound event.
  • Delivery attempt: One processing or HTTP delivery try for an event.

Webhooks works with other Layeron products automatically:

  • Secrets stores verification and signing keys.
  • Database stores event records, attempts, delivery state, dedupe keys, and replay history.
  • Storage stores raw payload bodies for later inspection and replay.
  • Queue handles asynchronous processing and outbound delivery.
  • Log and Observability capture failures, timings, and operational signals.

  • Get started: Create a secret, add Stripe or custom inbound webhooks, read events, and replay records.
  • Inbound handlers: Use one handler, route by event type, deduplicate provider retries, and control return behavior.
  • Signatures and secrets: Verify Stripe, HMAC, signed payload, unusual, and custom signatures.
  • Delivery settings: Configure inbound retry behavior, outbound retries, dedupe windows, and observability.
  • Paths and domains: Place endpoints by path or host and name them consistently.
  • Send webhooks: Publish signed outbound events with per-endpoint secrets and retry policy.
  • Events and replay: List, inspect, replay, and expose admin retry routes for webhook records.
  • API reference: Review provider options, signature config, retry settings, event records, and module methods.