Event types
Preview This is the catalog of every
webhook event type managed.dev emits. Subscribe a
webhook endpoint to the events you care about, verify the
signature, and act on the payload. Each event carries a
typed resource so your handler can switch on type and read data without guessing.
the event types
Section titled “the event types”| Event | Fires when | Payload resource |
|---|---|---|
site.deployed |
A deployment finishes rolling onto an environment | deployment |
deployment.failed |
A deployment fails to build or roll | deployment |
build.succeeded |
A build produces a signed artifact | build |
malware.detected |
A ClamAV scan finds an infected file | malware_detection |
security.site_hacked |
Correlated signals indicate a site is compromised | site |
job.succeeded |
Any async job reaches a successful terminal state | job |
job.failed |
Any async job reaches a failed terminal state | job |
cert.renewed |
A TLS certificate is issued or renewed | certificate |
quota.exceeded |
A plan quota (sites, storage, envs) is reached | usage |
envelope shape
Section titled “envelope shape”Every delivery wraps the typed resource in a common envelope. The type field is
what you switch on; data holds the resource named in the table above.
{ "id": "evt_01J9F2KQ", "type": "site.deployed", "created_at": "2026-06-23T18:04:11.412Z", "data": { "deployment": { "id": "dep_01J9F2KQ", "site_id": "site_01J7ABCD", "env_id": "env_01J8C4RX", "status": "succeeded", "release_id": "rel_01J9F2KR" } }}The HTTP request also carries the Forge-Signature
header — verify it before trusting the body. Replay history and re-delivery live at
GET /v1/webhook-endpoints/{id}/deliveries.
putting events to work
Section titled “putting events to work”A few events anchor common automations:
security.site_hackedkicks off an incident response — pull malware detections, quarantine, and restore from a snapshot. It closes the loop the security pipeline opens.deployment.failedpages your team or posts to chat the moment a release doesn’t roll, instead of waiting for someone to notice.quota.exceededwarns before a limit blocks new work — a prompt to clean up or upgrade a plan.cert.renewedconfirms TLS stayed healthy without anyone watching it.
next steps
Section titled “next steps”Webhook eventsSubscribing to events, filtering, and the delivery model.
Webhooks overviewCreating endpoints, retries, and delivery history.
SignaturesVerifying the Forge-Signature header before trusting a payload.
Async jobsThe jobs behind job.succeeded and job.failed.