Articles on: Integrations & Advanced Features

Configuring outbound webhooks for a project

Overview


How do I configure webhooks so external systems automatically receive notifications from CxPlanner?


The Webhooks feature in the Project Settings module allows you to send automated HTTP POST notifications to external HTTPS endpoints when selected project events occur. This feature is used to integrate CxPlanner with automation platforms, ticketing systems, monitoring tools, or custom backend applications.


This guide covers creating, editing, testing, disabling, deleting, and monitoring project webhooks. It does not cover implementation of the receiving endpoint beyond basic signature verification. || Only users with the project role Admin can manage webhooks, and the company must have the ProjectWebhooks Enterprise plugin enabled.

When and why to use this

Use webhooks when project activity in CxPlanner should trigger actions in external systems.

  • Use webhooks to notify external systems when tasks or checklists change.
  • CxPlanner sends a signed HTTP POST request to your registered endpoint.
  • You can subscribe to specific event types.
  • Endpoints must support HTTPS.
  • Webhooks can be paused without being deleted.
  • CxPlanner automatically disables webhooks after repeated delivery failures.
  • The signing secret is only shown once during creation.


Available event types:

  • Task assigned
  • Task created
  • Task updated
  • Checklist user group assigned
  • Checklist signed


How to - step by step

Create a webhook

  1. Open the project and go to Settings.
  2. Select Webhooks.
  3. Enter your Endpoint URL.
  4. Select the Event types you want to receive.
  5. Leave Active enabled if the webhook should start immediately.
  6. Disable Active if you want to save it in a paused state.
  7. Click Save.
  8. Copy the signing secret when the message "Copy this signing secret now. You will not see it again." appears.


The signing secret is only displayed once. Store it securely before leaving the page.



Edit a webhook

  1. Navigate to SettingsWebhooks.
  2. Locate the webhook in the Outbound webhooks list.
  3. Click Details.
  4. Update the endpoint URL, event types, or active status.
  5. Click Save.


The signing secret is not displayed again during editing. If you need a new secret, delete the webhook and create a new one.



Delete a webhook

  1. Locate the webhook in the Outbound webhooks list.
  2. Click Delete.
  3. Type delete in the confirmation field.
  4. Click Delete to confirm.


Deletion is permanent. Delivery history for the webhook is also removed.


Behavior and results

Permission matrix

Action

Who can perform it

Enable the ProjectWebhooks plugin for a company

CxPlanner backend administrator

Create webhooks

Project role Admin

Edit webhooks

Project role Admin

Delete webhooks

Project role Admin

Send test deliveries

Project role Admin

View delivery history

Project role Admin

If the Webhooks tab is unavailable or displays "Webhooks are not enabled for your company. Please contact support to enable this enterprise feature.", contact your CxPlanner administrator or CxPlanner Support.


Endpoint URL requirements

Requirement

Description

HTTPS

Endpoints must use HTTPS. HTTP is not supported.

Blocked domains

Domains belonging to cxplanner.com are not allowed.

Public access

Endpoints must be publicly accessible from the internet.


HTTP headers included in every delivery

Header

Value

Content-Type

application/json

X-CxPlanner-Signature

sha256=<hmac-sha256-of-body>

X-CxPlanner-Event

Event type, e.g. task.assigned

X-CxPlanner-Delivery

Unique delivery UUID


Payload structure

All webhook events use the same JSON envelope. The data object contains event-specific information.

{
  "event": "task.assigned",
  "schemaVersion": 1,
  "projectId": "123",
  "entityUuid": "uuid-of-the-entity",
  "actorUuid": "uuid-of-the-user-who-triggered-the-event",
  "timestamp": "2026-05-30T09:00:00Z",
  "data": {}
}


Signature verification

When a webhook is created, CxPlanner generates a signing secret. This secret is used to verify that incoming webhook deliveries originate from CxPlanner.

  1. Read the raw request body before parsing it.
  2. Compute HMAC-SHA256(raw_body, signing_secret).
  3. Compare the result as sha256=<hmac> against the X-CxPlanner-Signature header.
  4. Reject the request if the signatures do not match.


Always calculate the signature using the raw request body. Parsing and re-serializing JSON may change formatting and cause signature verification to fail.


Retry policy

If your endpoint does not return a 2xx HTTP status code, CxPlanner retries delivery using exponential backoff.

Attempt

Delay before next attempt

1

Initial delivery

2

Approximately 5 seconds

3

Approximately 30 seconds

4

Approximately 2 minutes

5

Approximately 10 minutes

6

Approximately 30 minutes

7

Approximately 2 hours

8

Approximately 6 hours

9

Approximately 12 hours


Automatic webhook disablement

If an endpoint fails 5 consecutive deliveries, CxPlanner automatically disables the webhook and records the event in the project audit log.

Once the endpoint issue has been resolved, a project administrator can re-enable the webhook by opening Details, checking Active, and clicking Save.


Delivery history retention

Type

Retention

Visible deliveries in UI

Up to 50 recent deliveries per webhook

Successful deliveries

30 days

Failed deliveries

90 days


Troubleshooting

Problem

Cause

Solution

The Webhooks tab shows that webhooks are not enabled

The ProjectWebhooks Enterprise plugin is not enabled for the company

Contact your CxPlanner administrator or CxPlanner Support

I cannot see the Webhooks tab

You do not have the Admin project role

Contact a project administrator

I lost the signing secret

The secret is only displayed once during creation

Delete the webhook, create a new one, and update your endpoint configuration

My endpoint receives repeated deliveries

The endpoint is not returning a 2xx HTTP response

Ensure the endpoint returns a valid 2xx response

The webhook was automatically disabled

The endpoint failed 5 consecutive deliveries

Fix the endpoint issue and re-enable the webhook

Signature verification fails

The HMAC is calculated incorrectly or the secret does not match

Verify that the HMAC is calculated using the raw request body and correct signing secret

Send test shows a delivery but my endpoint never received it

The endpoint is not publicly accessible over HTTPS

Verify endpoint accessibility and review the delivery status

Deliveries are marked as failed

The endpoint is unreachable or returns errors

Fix the endpoint and wait for the next retry or use Send test

I want to manually retry a previous delivery

Manual retries are not supported

Use Send test to generate a new test delivery


Quick facts

  • Requires: Project role Admin and the ProjectWebhooks Enterprise plugin
  • Location: Project Settings → Webhooks
  • Affects: External integrations, webhook deliveries, audit logs, and delivery history
  • Endpoint requirement: HTTPS
  • Delivery type: Signed HTTP POST requests
  • Automatic disablement: After 5 consecutive delivery failures
  • History retention: 30 days for successful deliveries, 90 days for failed deliveries

Updated on: 06/02/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!