Note: This article applies to publishing GitHub Apps in GitHub Marketplace only. For more information about publishing GitHub Actions in GitHub Marketplace, see "Publishing actions in GitHub Marketplace."
The GitHub Marketplace event webhook can only be set up from your application's GitHub Marketplace listing page. You can configure all other events from your application's developer settings page. If you haven't created a GitHub Marketplace listing, read "Drafting a listing for your app" to learn how.
To create a webhook for your GitHub Marketplace listing, click Webhook in the left sidebar of your GitHub Marketplace listing page. You'll see the following webhook configuration options needed to configure your webhook:
The payload URL is the URL of the server that will receive the webhook
Webhooks can be delivered using different content types:
application/jsoncontent type will deliver the JSON payload directly as the body of the
application/x-www-form-urlencodedcontent type will send the JSON payload as a form parameter called
Choose the one that best fits your needs. GitHub recommends using the
application/json content type.
Setting a webhook secret allows you to ensure that
POST requests sent to the payload URL are from GitHub. When you set a secret, you'll receive the
X-Hub-Signature-256 headers in the webhook
POST request. For more information on how to use a secret with a signature header to secure your webhook payloads, see "Validating webhook deliveries."
By default, webhook deliveries are "Active." You can choose to disable the delivery of webhook payloads during development by deselecting "Active." If you've disabled webhook deliveries, you will need to select "Active" before you submit your app for review.
Once you've configured your GitHub Marketplace webhook, you'll be able to inspect
POST request payloads from the Webhook page of your application's GitHub Marketplace listing. GitHub doesn't resend failed delivery attempts. Ensure your app can receive all webhook payloads sent by GitHub.