Scope
System collection for webhook subscriptions. Register via REST API or admin panel. Each webhook targets a URL, listens to specific collection lifecycle events, and has a signing secret for payload verification.
// POST /api/_webhooks
{
"url": "https://slack.example.com/webhook",
"events": ["posts.afterChange", "posts.afterDelete"],
"secret": "whsec_...",
"active": true
}Deliverables
_webhooks system collection: url, events (array), secret, active, createdAt- REST API at
/api/_webhooks with CRUD (admin-only access)
- Event format:
{collection}.{hookName} — e.g., posts.afterChange, users.afterDelete
- Wildcard support:
posts.* subscribes to all post events, *.afterChange subscribes to all changes
- Admin UI: webhook management page — create, edit, toggle active, delete
- Secret generation helper:
valence webhook:secret CLI command
- Tests: CRUD operations, event format validation, wildcard matching, admin UI rendering
Scope
System collection for webhook subscriptions. Register via REST API or admin panel. Each webhook targets a URL, listens to specific collection lifecycle events, and has a signing secret for payload verification.
Deliverables
_webhookssystem collection: url, events (array), secret, active, createdAt/api/_webhookswith CRUD (admin-only access){collection}.{hookName}— e.g.,posts.afterChange,users.afterDeleteposts.*subscribes to all post events,*.afterChangesubscribes to all changesvalence webhook:secretCLI command