ToolPlex
Features

Webhooks

Trigger automations from external services.

Webhooks

Trigger your automations from anywhere that can make HTTP requests - CI/CD pipelines, Zapier, GitHub Actions, or your own code.

Getting your webhook URL

  1. Create an automation and select Webhook as the trigger type
  2. After saving, click the menu on your automation card
  3. Select Webhook details
  4. Copy your Webhook URL and Signing Secret

Triggering your automation

Send a POST request to your webhook URL with:

  • Your message in the body
  • A signature header (for security)

The request

# Replace with your values
URL="YOUR_WEBHOOK_URL"
SECRET="your-signing-secret"
BODY='{"data":{"message":"Hello from webhook"}}'

# Generate signature
TIMESTAMP=$(date +%s%3N)
SIGNATURE=$(echo -n "${TIMESTAMP}.${BODY}" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)

# Send request
curl -X POST "$URL" \
  -H "Content-Type: application/json" \
  -H "X-Toolplex-Signature: t=${TIMESTAMP},v1=${SIGNATURE}" \
  -d "$BODY"
const crypto = require('crypto');

const URL = 'YOUR_WEBHOOK_URL';
const SECRET = 'your-signing-secret';

const body = JSON.stringify({ data: { message: 'Hello from webhook' } });
const timestamp = Date.now();
const signature = crypto.createHmac('sha256', SECRET)
  .update(`${timestamp}.${body}`).digest('hex');

fetch(URL, {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-Toolplex-Signature': `t=${timestamp},v1=${signature}`,
  },
  body,
});
import hmac, hashlib, json, time, requests

URL = 'YOUR_WEBHOOK_URL'
SECRET = 'your-signing-secret'

body = json.dumps({'data': {'message': 'Hello from webhook'}})
timestamp = int(time.time() * 1000)
signature = hmac.new(SECRET.encode(), f"{timestamp}.{body}".encode(), hashlib.sha256).hexdigest()

requests.post(URL, headers={
    'Content-Type': 'application/json',
    'X-Toolplex-Signature': f't={timestamp},v1={signature}',
}, data=body)

What to send

The body tells the AI what to do:

{
  "data": {
    "message": "Process the new order",
    "context": {
      "orderId": "12345",
      "customer": "john@example.com"
    }
  }
}
  • message: Instructions for the AI (like what you'd type in chat)
  • context: Any data you want to pass along (optional)

Why the signature?

The signature proves the request came from you, not someone who guessed your URL. It's computed from your signing secret and request content, so it can't be forged.

Signatures are time-limited to prevent replay attacks.

Checking if it worked

Back in ToolPlex Desktop, click on your automation to see the Run history. Each webhook trigger creates a run you can inspect.

Human-in-the-Loop

Keep control over AI actions with notifications and approval flows.

Custom Tools

Publish custom tools only your team can use.

On this page

WebhooksGetting your webhook URLTriggering your automationThe requestWhat to sendWhy the signature?Checking if it worked