Skip to main content

This version of GitHub Enterprise was discontinued on 2022-06-03. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

GitHub App webhooks

About the GitHub App webhooks API

A GitHub App's webhook allows you to receive HTTP POST payloads whenever certain events happen for an app. The webhook REST APIs enable you to manage repository, organization, and app webhooks. You can also use the REST API to change the configuration of the webhook. For example, you can modify the payload URL, content type, SSL verification, and secret. For more information, see:

Get a webhook configuration for an app

Returns the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see "Creating a GitHub App."

You must use a JWT to access this endpoint.

HTTP response status codes

Status codeDescription
200

OK

Code samples

get/app/hook/config
curl \ -H "Accept: application/vnd.github.v3+json" \ -H "Authorization: token <TOKEN>" \ http(s)://HOSTNAME/api/v3/app/hook/config

Response

Status: 200
{ "content_type": "json", "insecure_ssl": "0", "secret": "********", "url": "https://example.com/webhook" }

Update a webhook configuration for an app

Updates the webhook configuration for a GitHub App. For more information about configuring a webhook for your app, see "Creating a GitHub App."

You must use a JWT to access this endpoint.

Parameters

Headers
Name, Type, Description
acceptstring

Setting to application/vnd.github.v3+json is recommended.

Body parameters
Name, Type, Description
urlstring

The URL to which the payloads will be delivered.

content_typestring

The media type used to serialize the payloads. Supported values include json and form. The default is form.

secretstring

If provided, the secret will be used as the key to generate the HMAC hex digest value for delivery signature headers.

insecure_sslstring or number or

Determines whether the SSL certificate of the host for url will be verified when delivering payloads. Supported values include 0 (verification is performed) and 1 (verification is not performed). The default is 0. We strongly recommend not setting this to 1 as you are subject to man-in-the-middle and other attacks.

HTTP response status codes

Status codeDescription
200

OK

Code samples

patch/app/hook/config
curl \ -X PATCH \ -H "Accept: application/vnd.github.v3+json" \ -H "Authorization: token <TOKEN>" \ http(s)://HOSTNAME/api/v3/app/hook/config \ -d '{"content_type":"json","insecure_ssl":"0","secret":"********","url":"https://example.com/webhook"}'

Response

Status: 200
{ "content_type": "json", "insecure_ssl": "0", "secret": "********", "url": "https://example.com/webhook" }