Provenance
    Sign inStart free
    ← Docs

    Webhooks

    Provenance emits a signed event every time a watched vendor's posture changes — new evidence ingested, a trust statement published, a graph sync delivered, or a crawl job completing. Subscribe in your app and pipe events into your incident, procurement, or compliance tooling.

    Configure

    1. On signup, Provenance provisions a dedicated Svix application for your customer record. No setup needed on your side.
    2. Open Settings → Webhooks in the app, click Manage subscriptions, and you're routed into the Svix-hosted portal under your customer scope.
    3. Add an endpoint URL, pick which event types to subscribe to, and optionally rotate the signing secret. Events arrive HMAC-signed; verify with the Svix SDK or by hand.

    Event types

    • provenance.evidence.item.created.v1 — a new evidence artifact landed for a watched vendor.
    • provenance.statement.published.v1 — a trust statement was published or updated.
    • provenance.crawl.job.completed.v1 — a scheduled crawl run finished (success, partial, or dead-letter).
    • provenance.vendor.updated.v1 — vendor directory record changed (slug, primary domain, AI Act flag).

    Verifying signatures

    Each delivery includes svix-id, svix-timestamp, and svix-signature headers. Verify with the official Svix SDK in any of 10+ languages — see the Svix verification guide.

    Reliability

    Svix retries failed deliveries with exponential backoff for 24 hours. Your portal shows delivery attempts, last response code, and a manual re-send button for each event. If you need stronger durability, pair webhooks with periodic polls of the public API for the same data.