HTTP Webhooks
If a system can POST, it can trigger an agent. JSON, form data, and file uploads all hit the same endpoint. No glue server, no parser to maintain.
Overview
Every webhook connector gets a unique URL and a secret key. Anything that can send an HTTP request can trigger the agent behind it: POST a JSON body, submit form data, upload files as multipart, or fire a plain GET with query parameters. Three modes cover the delivery patterns that matter. Inbound queues the run and returns run IDs immediately, sync holds the connection and returns the agent's result in the same response, and outbound POSTs completed run results to a URL you control.
That replaces the glue service you would otherwise write: an HTTP server, a payload parser, an auth check, a queue, and a worker. You point the source system at the webhook URL, and the request arrives in your agent as structured input with nothing in between for you to deploy or patch.
How it works
Create the connector and pick a mode
Add an HTTP Webhook connector from your agent's Connector Flow. Inbound queues runs and responds immediately with run IDs, sync waits for the agent to finish (5 minutes by default) and returns the result inline, and outbound delivers completed run results to your endpoint.
Copy the URL and secret
The connector detail drawer opens with the webhook URL and secret. Authentication is enabled by default; send the secret in the X-Connic-Secret header, an Authorization: Bearer header, or a query parameter.
Send requests
POST JSON, form data, or multipart file uploads, or send a GET with query parameters. The payload is passed to your agent as input, and each request triggers a run on every linked agent.
What you can build
Patterns teams ship in production. No queues, workers, or schedulers to run.
Order placed
POST /webhook/ordersAgent validates payment, checks inventory, scores fraud risk, and routes to fulfillment — all before the confirmation email leaves the queue.
Order placed
POST /webhook/ordersAgent validates payment, checks inventory, scores fraud risk, and routes to fulfillment — all before the confirmation email leaves the queue.
Authentication and signature verification
Inbound and sync webhooks require the connector secret by default, provided as an X-Connic-Secret header (recommended), an Authorization: Bearer header, or a query parameter. You can turn off Require Authentication when a middleware before-function validates requests before they reach the agent.
Outbound deliveries are signed. Every request Connic POSTs to your endpoint carries an X-Connic-Signature header with a hex-encoded HMAC-SHA256 signature and an X-Connic-Timestamp header. You verify by computing HMAC-SHA256 over the timestamp, a dot, and the raw body, and you can reject timestamps older than 5 minutes to prevent replays. For endpoints on private networks, route outbound requests through a Connic Bridge.
Payloads, files, and responses
A JSON body is passed to the agent as-is, form fields become key-value pairs, and query parameters (except the secret) come along on GET requests. Multipart uploads arrive in the payload with text fields at the top level and files base64-encoded under a files key; each file is handed to the model as inline data. Images, PDFs, Office documents, and data files are supported, up to 10 MB per file.
Every request that clears authentication becomes a normal agent run: it shows up in run history with full traces, token and cost tracking, and the same guardrails and approval rules as any other trigger. Inbound responses return the dispatched run_ids, and sync responses return the run's output directly. See the full request and response formats in the webhook docs.
Information
- Publisher
- By Connic
- Category
- Connectors
- Modes
- Inbound, Outbound, Sync
- Documentation
- HTTP Webhooks docs
Frequently Asked Questions
How do I trigger an AI agent from an HTTP request?
Does the webhook connector verify signatures?
X-Connic-Secret header, an Authorization: Bearer header, or a query parameter. Deliveries Connic sends out are signed with HMAC-SHA256 in the X-Connic-Signature header plus an X-Connic-Timestamp header, so your endpoint can verify authenticity and reject replayed requests.Can I send files to an agent through a webhook?
multipart/form-data with one or more file fields and they are passed to the model as inline data. Images, PDFs, Word and OpenDocument files, spreadsheets, presentations, and plain-text formats are supported, up to 10 MB per file. Files arrive base64-encoded under a files key in the payload, so middleware can inspect or validate them before the run.Bring the event source, payload shape, result destination, and any private-network or approval requirements. We will map HTTP Webhooks to the right Connic connector mode, deployment path, and observability setup.
Talk to Sales