> ## Documentation Index
> Fetch the complete documentation index at: https://docs.autosana.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Webhooks

> Receive HTTP notifications when flow runs complete

Get notified via HTTP POST request when Autosana completes a batch of flow runs.

## Setup

1. Go to **[Settings > Integrations](https://autosana.ai/settings?tab=integrations)**
2. Click **Add Webhook**
3. Enter your HTTPS endpoint URL
4. Optionally add a signing secret for payload verification

## Payload Example

```json theme={null}
{
  "event": "batch.completed",
  "timestamp": "2025-01-31T12:34:56.789Z",
  "app": {
    "id": "com.example.myapp",
    "name": "My App",
    "platform": "android",
    "url": "https://jwvmttqclexlhnhfxuyq.supabase.co/storage/v1/object/public/app_builds/a1b2c3d4-e5f6-7890-abcd-ef1234567890/my_app.apk"
  },
  "git": {
    "commit_sha": "a1b2c3d4e5f6g7h8i9j0",
    "branch": "main"
  },
  "summary": {
    "total_groups": 3,
    "passed_groups": 2,
    "failed_groups": 1
  },
  "run_groups": [
    {
      "name": "Login Suite",
      "status": "passed",
      "url": "https://autosana.ai/runs/groups/f1e2d3c4-b5a6-7890-abcd-ef1234567890",
      "runs": [
        {
          "name": "User can sign in with email",
          "status": "passed",
          "url": "https://autosana.ai/runs/flow/12345678-abcd-ef12-3456-7890abcdef12"
        }
      ]
    }
  ]
}
```

<Note>
  The `git` object is only included when the app build has git metadata (e.g., uploaded via CI/CD with commit info).
</Note>

## Verifying Signatures

If you configure a signing secret, payloads are signed with HMAC-SHA256. The signature is in the `X-Autosana-Signature-256` header as `sha256=<signature>`.

```python theme={null}
import hmac
import hashlib

def verify_signature(payload: str, signature_header: str, secret: str) -> bool:
    expected = signature_header.removeprefix("sha256=")
    computed = hmac.new(secret.encode(), payload.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, computed)
```

```javascript theme={null}
const crypto = require('crypto');

function verifySignature(payload, signatureHeader, secret) {
  const expected = signatureHeader.slice(7); // Remove "sha256="
  const computed = crypto.createHmac('sha256', secret).update(payload).digest('hex');
  return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(computed));
}
```