Automate with Webhooks
Webhooks let your application react to changes in Vivreal in real time. When a collection object is created, updated, or deleted, Vivreal sends an HTTP POST to your endpoint with the event payload.
Prerequisites
- A Vivreal account with an active group
- A publicly accessible server or service (e.g. Express.js, Vercel serverless function, or a tool like ngrok for local development)
- Basic knowledge of Node.js
Create a webhook receiver
Set up a simple Express.js server that listens for incoming webhook events:
const express = require("express");
const crypto = require("crypto");
const app = express();
app.use(express.json());
const WEBHOOK_SECRET = process.env.WEBHOOK_SECRET; // from Vivreal
function verifySignature(payload, signature) {
const expected = crypto
.createHmac("sha256", WEBHOOK_SECRET)
.update(JSON.stringify(payload))
.digest("hex");
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}
app.post("/webhooks/vivreal", (req, res) => {
const signature = req.headers["x-vivreal-signature"];
if (!signature || !verifySignature(req.body, signature)) {
return res.status(401).json({ error: "Invalid signature" });
}
const { event, data } = req.body;
console.log(`Received event: ${event}`, data);
switch (event) {
case "collection.object.created":
// Handle new object
break;
case "collection.object.updated":
// Handle update
break;
case "collection.object.deleted":
// Handle deletion
break;
default:
console.log("Unknown event type:", event);
}
res.status(200).json({ received: true });
});
app.listen(3001, () => console.log("Webhook receiver on :3001"));
Expose your local server
If you are developing locally, use ngrok to create a public URL:
ngrok http 3001
Copy the forwarding URL (e.g. https://abc123.ngrok.io).
Configure the webhook in Vivreal
In the portal, go to Integrations → Webhooks → + New Webhook. Fill in:
- URL: Your public endpoint (e.g.
https://abc123.ngrok.io/webhooks/vivreal) - Events: Select the events you want to receive (
collection.object.created,collection.object.updated,collection.object.deleted) - Secret: Vivreal generates an HMAC secret. Copy it and set it as
WEBHOOK_SECRETin your server environment.
Click Save to activate the webhook.
Test with a sample payload
Create or edit an object in any collection. Your webhook receiver should log the incoming event within a few seconds. The payload structure looks like this:
{
"event": "collection.object.created",
"timestamp": "2026-03-15T12:00:00Z",
"data": {
"collectionName": "Blog Posts",
"objectId": "abc123",
"fields": {
"title": "New Post",
"tags": ["announcement"]
}
}
}
Handle failures gracefully
Vivreal retries failed webhook deliveries up to 3 times with exponential backoff. Your endpoint should:
- Return a 2xx status code within 10 seconds to acknowledge receipt.
- Process heavy work asynchronously (e.g. queue it) rather than blocking the response.
- Log failures for debugging — check the Webhook Delivery section in Integrations for delivery history.
Always verify the x-vivreal-signature header before processing a webhook. Without verification, an attacker could send fake events to your endpoint.
During development, return a 200 immediately and log the payload. Once your logic is stable, add signature verification and error handling.
Common Use Cases
| Use Case | Event | Action |
|---|---|---|
| Rebuild static site | collection.object.updated | Trigger Amplify rebuild |
| Send notification | collection.object.created | Post to Slack or email |
| Sync to external DB | Any | Upsert into Postgres / Algolia |
| Invalidate cache | collection.object.updated | Purge CDN cache key |
Next Steps
- Explore the full API reference for all available endpoints
- Add webhook support for integration events (e.g. Stripe product synced)