Get notified via HTTP POST request when Autosana completes a batch of flow runs.
Setup
- Go to Settings > Integrations
- Click Add Webhook
- Enter your HTTPS endpoint URL
- Optionally add a signing secret for payload verification
Payload Example
{
"event": "batch.completed",
"timestamp": "2025-01-31T12:34:56.789Z",
"app": {
"id": "com.example.myapp",
"name": "My App",
"platform": "android",
"url": "https://jwvmttqclexlhnhfxuyq.supabase.co/storage/v1/object/public/app_builds/a1b2c3d4-e5f6-7890-abcd-ef1234567890/my_app.apk"
},
"git": {
"commit_sha": "a1b2c3d4e5f6g7h8i9j0",
"branch": "main"
},
"summary": {
"total_groups": 3,
"passed_groups": 2,
"failed_groups": 1
},
"run_groups": [
{
"name": "Login Suite",
"status": "passed",
"url": "https://autosana.ai/runs/groups/f1e2d3c4-b5a6-7890-abcd-ef1234567890",
"runs": [
{
"name": "User can sign in with email",
"status": "passed",
"url": "https://autosana.ai/runs/flow/12345678-abcd-ef12-3456-7890abcdef12"
}
]
}
]
}
The git object is only included when the app build has git metadata (e.g., uploaded via CI/CD with commit info).
Verifying Signatures
If you configure a signing secret, payloads are signed with HMAC-SHA256. The signature is in the X-Autosana-Signature-256 header as sha256=<signature>.
import hmac
import hashlib
def verify_signature(payload: str, signature_header: str, secret: str) -> bool:
expected = signature_header.removeprefix("sha256=")
computed = hmac.new(secret.encode(), payload.encode(), hashlib.sha256).hexdigest()
return hmac.compare_digest(expected, computed)
const crypto = require('crypto');
function verifySignature(payload, signatureHeader, secret) {
const expected = signatureHeader.slice(7); // Remove "sha256="
const computed = crypto.createHmac('sha256', secret).update(payload).digest('hex');
return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(computed));
}
