Logo

Webhooks

Common questions this page answers:

  • How do I set up a webhook in Bailo?
  • What events can trigger webhooks?
  • How do I update or delete a webhook?
  • How do I secure webhook requests?

Bailo provides webhooks for programmatic, event-driven interactions with individual models. When certain events occur on a model, Bailo sends an HTTP POST request to a URL you specify, allowing you to integrate with external applications and workflows.

Setting up a webhook

Create webhooks through the API by sending a POST request with the webhook configuration:

curl -X POST https://your-bailo-instance.com/api/v2/model/{modelId}/webhooks \
  -H "Content-Type: application/json" \
  -u "your-access-key:your-secret-key" \
  -d '{
    "name": "My CI/CD webhook",
    "uri": "https://your-service.com/webhook",
    "token": "your-bearer-token",
    "events": ["createRelease", "updateRelease"],
    "active": true,
    "insecureSSL": false
  }'

Webhook configuration options

  • name - A descriptive name for the webhook. Required
  • uri - The URI (Uniform Resource Identifier) that will receive the POST requests. Required
  • token - A bearer token included in the Authorization header of webhook requests. Optional
  • events - Which events trigger this webhook (see Events below). Optional, defaults to all events
  • active - Whether the webhook is enabled. Optional, defaults to true
  • insecureSSL - Skip SSL (Secure Sockets Layer) verification for the target URL. Optional, defaults to false

Events

A Bailo model's webhook can be triggered by the following events:

  • createRelease - Fires when a new release is created on the model
  • updateRelease - Fires when an existing release is updated
  • createReviewResponse - Fires when a reviewer submits a response (approval or change request)
  • createAccessRequest - Fires when a user submits an access request for the model

Request format

When triggered, Bailo sends a POST request to the webhook's URI (Uniform Resource Identifier) with event-specific data.

The webhook includes "Authorization": "Bearer <token>" in the request headers if the webhook has a token configured.

The body of the webhook's request varies depending on the type of event.

createRelease / updateRelease

{
  "event": "{createRelease|updateRelease}",
  "description": "A release event happened",
  "modelId": "abc123",
  "modelCardVersion": 1,
  "semver": "0.0.1",
  "notes": "Initial release",
  "minor": false,
  "draft": false,
  "fileIds": ["0123456789abcdef01234567"],
  "images": [
    {
      "repository": "abc123",
      "name": "some-docker-image",
      "tag": "1.0.0"
    }
  ],
  "deleted": false,
  "createdBy": "user",
  "createdAt": "2025-01-21T12:00:00.000Z",
  "updatedAt": "2025-01-21T12:00:00.000Z"
}

createReviewResponse

{
  "event": "createReviewResponse",
  "description": "A review response was created",
  "semver": "0.0.1",
  "accessRequestId": "123456789abcdef012345678",
  "modelId": "abc123",
  "kind": "{release|access}",
  "role": "mtr",
  "createdAt": "2025-01-21T12:00:00.000Z",
  "updatedAt": "2025-01-21T12:00:00.000Z"
}

createAccessRequest

{
  "event": "createAccessRequest",
  "description": "An access request was created",
  "id": "some-access-request-mno456",
  "modelId": "abc123",
  "schemaId": "minimal-access-request-general-v10",
  "metadata": {
    "overview": {
      "name": "some access request",
      "entities": ["user:user"],
      "endDate": "2025-01-21"
    }
  },
  "deleted": false,
  "createdBy": "user",
  "createdAt": "2025-01-21T12:00:00.000Z",
  "updatedAt": "2025-01-21T12:00:00.000Z"
}

Managing webhooks

List, update, and delete webhooks using the API.

Listing webhooks

curl https://your-bailo-instance.com/api/v2/model/{modelId}/webhooks \
  -u "your-access-key:your-secret-key"

Updating a webhook

curl -X PUT https://your-bailo-instance.com/api/v2/model/{modelId}/webhook/{webhookId} \
  -H "Content-Type: application/json" \
  -u "your-access-key:your-secret-key" \
  -d '{
    "name": "Updated webhook name",
    "uri": "https://your-service.com/webhook",
    "events": ["createRelease"],
    "active": true
  }'

Deleting a webhook

curl -X DELETE https://your-bailo-instance.com/api/v2/model/{modelId}/webhook/{webhookId} \
  -u "your-access-key:your-secret-key"

Security considerations

Follow these practices to secure your webhook endpoints.

  • Use the token field to include a bearer token in webhook requests, so your receiving service can verify the request came from Bailo
  • Use HTTPS for your webhook URI to prevent eavesdropping on the request payloads
  • Avoid insecureSSL: true in production - only use it for testing with self-signed certificates

Related pages


Copyright © Crown Copyright 2026.