- Overview
- Getting Started
- Quick Start Guide
- Core Concepts
- Users
- Models
- Creating a Model
- Model Card
- Creating a Release
- Uploading Files
- Uploading Images
- Model Templating
- Data Cards
- Creating a Data Card
- Managing Data Cards
- Using a Model
- Browsing the Marketplace
- Requesting Access
- Using a Pushed Docker Image
- Downloading Files
- Reviews
- Understanding Reviews
- Reviewing
- Reviewing a Release
- Reviewing an Access Request
- Reviewing a Model Card Lifecycle
- Review Outcomes
- Security Scanning
- File Scanning
- Image Scanning
- Inferencing
- Creating an Inference Service
- Managing Inference Services
- Model Mirroring
- Creating a Mirrored Model
- Editing a Mirrored Model Card
- Untrusted Models
- Untrusted Models
- Deletion
- Deleting a File
- Deleting a Model
- Soft Deletion
- Programmatic Access
- Authentication
- Personal Access Tokens
- Python Client
- OpenAPI Reference
- Webhooks
- Administration
- Getting Started
- Deployment Architecture
- App Configuration
- Model Lifecycle Configuration
- Schemas
- Understanding Schemas
- Create a Schema
- Upload a Schema
- Schema Migrations
- Review Roles
- Managing Review Roles
- Assigning Roles to Schemas
- Federation
- Peer Integration
- Microservices
- Artefact Scanners
- Helm
- Basic Usage
- Configuration
- Isolated Environments
- Migrations
- Bailo v0.4
- Bailo v2.0
- DataBase Scripts
- Reference
- Glossary
- Roles & Permissions
- Troubleshooting & FAQ
Webhooks
Common questions this page answers:
- How do I set up a webhook in Bailo?
- What events can trigger webhooks?
- How do I update or delete a webhook?
- How do I secure webhook requests?
Bailo provides webhooks for programmatic, event-driven interactions with individual models. When certain events occur on a model, Bailo sends an HTTP POST request to a URL you specify, allowing you to integrate with external applications and workflows.
Setting up a webhook
Create webhooks through the API by sending a POST request with the webhook configuration:
curl -X POST https://your-bailo-instance.com/api/v2/model/{modelId}/webhooks \
-H "Content-Type: application/json" \
-u "your-access-key:your-secret-key" \
-d '{
"name": "My CI/CD webhook",
"uri": "https://your-service.com/webhook",
"token": "your-bearer-token",
"events": ["createRelease", "updateRelease"],
"active": true,
"insecureSSL": false
}'
Webhook configuration options
- name - A descriptive name for the webhook. Required
- uri - The URI (Uniform Resource Identifier) that will receive the POST requests. Required
- token - A bearer token included in the
Authorizationheader of webhook requests. Optional - events - Which events trigger this webhook (see Events below). Optional, defaults to all events
- active - Whether the webhook is enabled. Optional, defaults to true
- insecureSSL - Skip SSL (Secure Sockets Layer) verification for the target URL. Optional, defaults to false
Events
A Bailo model's webhook can be triggered by the following events:
- createRelease - Fires when a new release is created on the model
- updateRelease - Fires when an existing release is updated
- createReviewResponse - Fires when a reviewer submits a response (approval or change request)
- createAccessRequest - Fires when a user submits an access request for the model
Request format
When triggered, Bailo sends a POST request to the webhook's URI (Uniform Resource Identifier) with event-specific data.
The webhook includes "Authorization": "Bearer <token>" in the request headers if the webhook has a token configured.
The body of the webhook's request varies depending on the type of event.
createRelease / updateRelease
{
"event": "{createRelease|updateRelease}",
"description": "A release event happened",
"modelId": "abc123",
"modelCardVersion": 1,
"semver": "0.0.1",
"notes": "Initial release",
"minor": false,
"draft": false,
"fileIds": ["0123456789abcdef01234567"],
"images": [
{
"repository": "abc123",
"name": "some-docker-image",
"tag": "1.0.0"
}
],
"deleted": false,
"createdBy": "user",
"createdAt": "2025-01-21T12:00:00.000Z",
"updatedAt": "2025-01-21T12:00:00.000Z"
}
createReviewResponse
{
"event": "createReviewResponse",
"description": "A review response was created",
"semver": "0.0.1",
"accessRequestId": "123456789abcdef012345678",
"modelId": "abc123",
"kind": "{release|access}",
"role": "mtr",
"createdAt": "2025-01-21T12:00:00.000Z",
"updatedAt": "2025-01-21T12:00:00.000Z"
}
createAccessRequest
{
"event": "createAccessRequest",
"description": "An access request was created",
"id": "some-access-request-mno456",
"modelId": "abc123",
"schemaId": "minimal-access-request-general-v10",
"metadata": {
"overview": {
"name": "some access request",
"entities": ["user:user"],
"endDate": "2025-01-21"
}
},
"deleted": false,
"createdBy": "user",
"createdAt": "2025-01-21T12:00:00.000Z",
"updatedAt": "2025-01-21T12:00:00.000Z"
}
Managing webhooks
List, update, and delete webhooks using the API.
Listing webhooks
curl https://your-bailo-instance.com/api/v2/model/{modelId}/webhooks \
-u "your-access-key:your-secret-key"
Updating a webhook
curl -X PUT https://your-bailo-instance.com/api/v2/model/{modelId}/webhook/{webhookId} \
-H "Content-Type: application/json" \
-u "your-access-key:your-secret-key" \
-d '{
"name": "Updated webhook name",
"uri": "https://your-service.com/webhook",
"events": ["createRelease"],
"active": true
}'
Deleting a webhook
curl -X DELETE https://your-bailo-instance.com/api/v2/model/{modelId}/webhook/{webhookId} \
-u "your-access-key:your-secret-key"
Security considerations
Follow these practices to secure your webhook endpoints.
- Use the token field to include a bearer token in webhook requests, so your receiving service can verify the request came from Bailo
- Use HTTPS for your webhook URI to prevent eavesdropping on the request payloads
- Avoid
insecureSSL: truein production - only use it for testing with self-signed certificates
Related pages
- Authentication - Setting up API authentication
- Swagger API - All available API endpoints
Copyright © Crown Copyright 2026.
