Webhooks

Get notified in real-time when reviews complete, team changes occur, or other events happen.

Overview

Jasper can send HTTP POST requests to your server when certain events occur. Use webhooks to integrate Jasper with your CI/CD pipeline, Slack, custom dashboards, or any other tools.

Available Events

Jasper supports 16 webhook events organized into 6 categories:

Review Events

Event	Description
`review.created`	A new code review has been queued
`review.started`	AI analysis has started on a review
`review.completed`	A code review has finished successfully
`review.failed`	A review failed to complete

Repository Events

Event	Description
`repository.added`	A new repository was enabled for reviews
`repository.removed`	A repository was disabled or removed
`repository.settings_updated`	Repository settings were changed

Billing Events

Event	Description
`billing.credits_purchased`	Credits were purchased for the organization
`billing.credits_low`	Credit balance is running low (below threshold)
`billing.credits_depleted`	All credits have been used
`billing.free_tier_reset`	Monthly free tier reviews have been reset

Team Events

Event	Description
`team.member_added`	A new member joined the organization
`team.member_removed`	A member was removed from the organization
`team.member_role_changed`	A member's role was updated

Security Events

Event	Description
`security.alert_created`	A security vulnerability was detected in a review
`security.alert_resolved`	A security alert was marked as resolved

Organization Events

Event	Description
`organization.settings_updated`	Organization settings were changed

Payload Structure

All webhook payloads follow a consistent structure:

{
  "event": "review.completed",
  "timestamp": "2026-01-08T10:30:00Z",
  "organization": {
    "id": "org_abc123",
    "name": "Your Organization"
  },
  "data": {
    // Event-specific data
  }
}

Review Completed Example

{
  "event": "review.completed",
  "timestamp": "2026-01-08T10:30:00Z",
  "organization": {
    "id": "org_abc123",
    "name": "Your Organization"
  },
  "data": {
    "review_id": "rev_abc123",
    "repository": "org/repo",
    "pr_number": 42,
    "pr_title": "Add new feature",
    "verdict": "APPROVE",
    "score": 85,
    "summary": "Code looks good with minor suggestions...",
    "issues": {
      "critical": 0,
      "high": 1,
      "medium": 2,
      "low": 5
    },
    "url": "https://heyjasper.ai/reviews/rev_abc123"
  }
}

Team Member Added Example

{
  "event": "team.member_added",
  "timestamp": "2026-01-08T10:30:00Z",
  "organization": {
    "id": "org_abc123",
    "name": "Your Organization"
  },
  "data": {
    "user": {
      "id": "usr_xyz789",
      "name": "Jane Developer",
      "email": "[email protected]",
      "github_username": "janedev"
    },
    "role": "member",
    "invited_by": {
      "id": "usr_abc123",
      "name": "John Admin"
    }
  }
}

Setting Up Webhooks

Go to your organization Settings
Navigate to Webhooks
Click Add Webhook
Enter your endpoint URL (must be HTTPS)
Select the events you want to receive
Optionally add a description
Save the webhook

Tip: You can create multiple webhooks with different event subscriptions to route events to different endpoints.

Security

All webhook requests include a signature header for verification. This ensures requests are genuinely from Jasper and haven't been tampered with.

Signature Header

X-Jasper-Signature: sha256=abc123def456...

Verifying Signatures

Verify the signature using your webhook secret (found in webhook settings):

// PHP Example
$payload = file_get_contents('php://input');
$signature = $_SERVER['HTTP_X_REVIO_SIGNATURE'];
$secret = 'your-webhook-secret';

$expected = 'sha256=' . hash_hmac('sha256', $payload, $secret);

if (!hash_equals($expected, $signature)) {
    http_response_code(401);
    exit('Invalid signature');
}

// Process the webhook
$data = json_decode($payload, true);

// Node.js Example
const crypto = require('crypto');

function verifySignature(payload, signature, secret) {
    const expected = 'sha256=' +
        crypto.createHmac('sha256', secret)
              .update(payload)
              .digest('hex');

    return crypto.timingSafeEqual(
        Buffer.from(expected),
        Buffer.from(signature)
    );
}

Retry Policy

If your endpoint returns an error (non-2xx status code), Jasper will retry the delivery:

3 retry attempts before marking as failed
Exponential backoff: 1 second, 10 seconds, 60 seconds
Timeout: 30 seconds per request

Delivery Logs

View delivery history and debug failed webhooks in Settings → Webhooks → Logs. Each delivery shows:

Request payload
Response status and body
Retry attempts
Timestamps

Best Practices

Respond quickly — Return a 200 response within 5 seconds, then process asynchronously
Handle duplicates — Use the event ID to deduplicate in case of retries
Verify signatures — Always validate the X-Jasper-Signature header
Use HTTPS — Only HTTPS endpoints are supported for security
Monitor delivery logs — Regularly check for failed deliveries

Testing Webhooks

Use the Test button in webhook settings to send a test payload to your endpoint. This helps verify your integration before going live.

For complete API documentation, see the API Reference.

Branch Protection ClickUp Integration