Webhooks
Webhooks let you notify external systems (cache invalidation services, search indexers, CI/CD pipelines) when content events occur in Alokai CMS.
Managing webhooks
Go to Settings → Webhooks and click New Webhook.
| Field | Description |
|---|---|
| Name | A label for this webhook |
| URL | The endpoint to POST to |
| Events | Which events trigger this webhook |
| Secret | Optional HMAC secret for payload signing |
| Headers | Additional headers to include in requests |
| Active | Enable or disable without deleting |
Events
| Event | Triggered when |
|---|---|
page.published | A page is published or re-published |
page.unpublished | A page is unpublished |
page.scheduled | A page is scheduled for future publish |
page.archived | A page is archived |
component.published | A component is published |
component.unpublished | A component is unpublished |
Payload format
{ "event": "page.published", "timestamp": "2025-03-17T12:34:56.000Z", "resource": { "id": "pg_01jnk...", "type": "page", "path": "/about" }}Payload signing
If you set a Secret, Alokai CMS signs the payload using HMAC-SHA256 and includes the signature in the X-Alokai CMS-Signature header. Verify this on your server to ensure the request came from Alokai CMS:
const expectedSig = crypto .createHmac('sha256', secret) .update(rawBody) .digest('hex');
if (expectedSig !== req.headers['x-alokon-signature']) { return res.status(401).send('Invalid signature');}Testing webhooks
Click Send Test on any webhook to fire a test event and verify your endpoint is reachable.