95e6f3d3ab
* add 3.1 to deprecated versions * rewrite img src to use azure blob storage in archive script Co-authored-by: rachmari <rachmari@users.noreply.github.com> * remove static files for ghes 3.1 * remove liquid conditionals and content for ghes 3.1 * remove outdated hardware reqs reusable * Fix liquid conditional uncaught by script * Close liquid conditionals missed by script * Apply @mattpollard's suggestions Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com> Co-authored-by: rachmari <rachmari@users.noreply.github.com> Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
1.7 KiB
title, allowTitleToDifferFromFilename, shortTitle, intro, versions, topics, miniTocMaxHeadingLevel
| title | allowTitleToDifferFromFilename | shortTitle | intro | versions | topics | miniTocMaxHeadingLevel | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Organization webhooks | true | Webhooks |
|
|
3 |
About the Organization webhooks API
Organization webhooks allow you to receive HTTP POST payloads whenever certain events happen in an organization. {% data reusables.webhooks.webhooks-rest-api-links %}
For more information on actions you can subscribe to, see "{% data variables.product.prodname_dotcom %} event types."
Scopes and restrictions
All actions against organization webhooks require the authenticated user to be an admin of the organization being managed. Additionally, OAuth tokens require the admin:org_hook scope. For more information, see "Scopes for OAuth Apps."
In order to protect sensitive data which may be present in webhook configurations, we also enforce the following access control rules:
- OAuth applications cannot list, view, or edit webhooks which they did not create.
- Users cannot list, view, or edit webhooks which were created by OAuth applications.
Receiving Webhooks
In order for {% data variables.product.product_name %} to send webhook payloads, your server needs to be accessible from the Internet. We also highly suggest using SSL so that we can send encrypted payloads over HTTPS.
For more best practices, see our guide.
Webhook headers
{% data variables.product.product_name %} will send along several HTTP headers to differentiate between event types and payload identifiers. See webhook headers for details.