Webhook events
Consume entry lifecycle events without assuming unsupported event families.
The Admin subscription picker exposes four entry events. Payloads contain identifiers and lifecycle data, not a content snapshot.
Events
| Event | Trigger | data fields |
|---|---|---|
entry.published |
Entry becomes Published | Backend ID, type key, entity ID, status, version |
entry.unpublished |
Entry becomes Archived | Backend ID, type key, entity ID, status, version |
entry.changed |
Published entry gains working changes | Backend ID, type key, entity ID, status, version |
entry.deleted |
Entry is deleted | Backend ID, type key, entity ID |
{
"type": "entry.published",
"timestamp": "2026-07-15T12:00:00.000Z",
"data": {
"backendId": "BACKEND_ID",
"typeKey": "article",
"entityId": "ENTRY_ID",
"status": "Published",
"version": 7
}
}
Each POST includes webhook-id, webhook-timestamp, webhook-signature, and content-type: application/json.
Route on type, verify the signature over the raw body, and deduplicate by webhook-id. If more data is needed, fetch by the identifiers only when a current public state exists; deletion and unpublication may make delivery lookup unavailable.
Access
Webhook administration uses one Backend-scoped permission per action:
webhook.createcreates a subscription;webhook.updatechanges events or active state;webhook.readinspects subscriptions and delivery logs;webhook.deleteremoves a subscription.
The receiver authenticates the request with its signing secret and needs no CMS permission.
Asset, model, and schedule event families are not selectable. Release events exist behind the service boundary but are not exposed in the current Admin picker, so do not depend on them as a public subscription contract.
Webhook queue or delivery failure does not roll back the content mutation.