Skip to main content
POST
/
webhooks
Create a webhook for a team
curl --request POST \
  --url https://core.cyberun.cloud/api/v1/webhooks \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "display_name": "Task Completion Notifier",
  "webhook_url": "https://my-app.example.com/webhooks/cyberun",
  "webhook_events": [
    "task.completed",
    "task.failed"
  ]
}
'
{
  "id": "019abc12-3456-7890-abcd-ef1234567890"
}

Documentation Index

Fetch the complete documentation index at: https://docs.cyberun.cloud/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

User session JWT (Bearer ). Must be paired with the X-Team-ID request header on team-scoped endpoints so the server knows which team's resources to operate on.

Headers

X-Team-ID
string<uuid>

UUID of the team to scope the request to. Used by dual-auth endpoints (runtime + scoped management):

  • JWT callers MUST send it — a user may belong to multiple teams and the runtime cannot otherwise know which one to operate on. Missing header → 400.
  • Credential callers (sk-, dk-) can omit it because the team is derived from the credential row itself. Any value sent is ignored.
Example:

"019abc12-4567-7890-abcd-ef1234567891"

Body

application/json

Registers a webhook endpoint. The server signs each delivery payload with HMAC-SHA256 using a generated secret (returned in the webhook detail response).

Webhook Payload Format

Each delivery is an HTTP POST with JSON body:

{
  "event_type": "task.completed",
  "task_id": "019c65a0-...",
  "task_status": "completed",
  "task_output": {"storage_key": "tasks/.../output.png", "image_count": 1},
  "task_error": "",
  "timestamp": "2025-02-16T09:00:00Z"
}

Signature Verification

Each delivery includes an X-Webhook-Signature-256 header:

X-Webhook-Signature-256: sha256=<hex_hmac>

Verify by computing HMAC-SHA256(webhook_secret, raw_body) and comparing.

Retry Policy

Failed deliveries (non-2xx response or timeout) are retried up to 4 times with exponential backoff: immediate → 5s → 30s → 2min.

display_name
string
required

Human-readable name for the webhook.

Required string length: 1 - 255
Example:

"Task Completion Notifier"

webhook_url
string<uri>
required

HTTPS endpoint URL to receive webhook payloads.

Maximum string length: 2048
Pattern: ^https://
Example:

"https://my-app.example.com/webhooks/cyberun"

webhook_events
enum<string>[]
required

List of event types to subscribe to:

  • task.completed: Fired when a task finishes successfully.
  • task.failed: Fired when a task fails (including timeout and agent disconnect).
Minimum array length: 1
Available options:
task.completed,
task.failed
Example:
["task.completed", "task.failed"]

Response

Webhook created

id
string<uuid>
required

UUID of the created or updated resource.

Example:

"019abc12-3456-7890-abcd-ef1234567890"