{"id":13576289,"url":"https://github.com/standard-webhooks/standard-webhooks","last_synced_at":"2026-02-18T21:03:31.313Z","repository":{"id":206880735,"uuid":"683760582","full_name":"standard-webhooks/standard-webhooks","owner":"standard-webhooks","description":"The Standard Webhooks specification","archived":false,"fork":false,"pushed_at":"2026-02-18T19:12:27.000Z","size":555,"stargazers_count":1608,"open_issues_count":54,"forks_count":54,"subscribers_count":21,"default_branch":"main","last_synced_at":"2026-02-18T19:34:51.459Z","etag":null,"topics":["api","asyncapi","callbacks","http","json","openapi","specification","standard","standard-webhooks","webhook","webhooks"],"latest_commit_sha":null,"homepage":"https://www.standardwebhooks.com/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/standard-webhooks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-08-27T16:08:55.000Z","updated_at":"2026-02-18T19:11:45.000Z","dependencies_parsed_at":null,"dependency_job_id":"e8b75585-f9ae-4b68-be6d-75cc2e4bd4d0","html_url":"https://github.com/standard-webhooks/standard-webhooks","commit_stats":{"total_commits":121,"total_committers":30,"mean_commits":4.033333333333333,"dds":"0.49586776859504134","last_synced_commit":"c54a58db59ece0485623cf08741fe92325db8254"},"previous_names":["standard-webhooks/standard-webhooks"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/standard-webhooks/standard-webhooks","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/standard-webhooks%2Fstandard-webhooks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/standard-webhooks%2Fstandard-webhooks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/standard-webhooks%2Fstandard-webhooks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/standard-webhooks%2Fstandard-webhooks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/standard-webhooks","download_url":"https://codeload.github.com/standard-webhooks/standard-webhooks/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/standard-webhooks%2Fstandard-webhooks/sbom","scorecard":{"id":845963,"data":{"date":"2025-08-11","repo":{"name":"github.com/standard-webhooks/standard-webhooks","commit":"a173a6c0125ca2b9245bf5ea3f1c61384ccc10a2"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.9,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":1,"reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/csharp-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/csharp-release.yml:1","Warn: no topLevel permission defined: .github/workflows/elixir-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/elixir-release.yml:1","Warn: no topLevel permission defined: .github/workflows/go-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/java-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/java-release.yml:1","Warn: no topLevel permission defined: .github/workflows/javascript-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/javascript-release.yml:1","Warn: no topLevel permission defined: .github/workflows/php-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/php-release.yml:1","Warn: no topLevel permission defined: .github/workflows/python-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/python-release.yml:1","Warn: no topLevel permission defined: .github/workflows/ruby-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/ruby-release.yml:1","Warn: no topLevel permission defined: .github/workflows/rust-lint.yml:1","Warn: no topLevel permission defined: .github/workflows/rust-release.yml:1","Warn: no topLevel permission defined: .github/workflows/rust-security.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp-lint.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/csharp-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp-lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/csharp-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp-release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/csharp-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/csharp-release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/csharp-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/elixir-lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/elixir-lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/elixir-lint.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/elixir-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/elixir-release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/elixir-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/elixir-release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/elixir-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-lint.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/go-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go-lint.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/go-lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go-lint.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/go-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/java-lint.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/java-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/java-lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/java-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/java-release.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/java-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/java-release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/java-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/javascript-lint.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/javascript-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/javascript-release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/javascript-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/javascript-release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/javascript-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/php-lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/php-lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/php-lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/php-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-lint.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/python-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/python-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/python-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python-release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/python-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/python-release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/python-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-lint.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/ruby-lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ruby-lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/ruby-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/ruby-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ruby-release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/ruby-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rust-lint.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/rust-lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rust-lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/rust-lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rust-lint.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/rust-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rust-release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/rust-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rust-release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/rust-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rust-release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/rust-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rust-security.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/rust-security.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/rust-security.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/standard-webhooks/standard-webhooks/rust-security.yml/main?enable=pin","Warn: nugetCommand not pinned by hash: .github/workflows/csharp-lint.yml:24: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: nugetCommand not pinned by hash: .github/workflows/csharp-release.yml:23: pin your dependecies by either enabling central package management (https://learn.microsoft.com/nuget/consume-packages/Central-Package-Management) or using a lockfile (https://learn.microsoft.com/nuget/consume-packages/package-references-in-project-files#locking-dependencies)","Warn: pipCommand not pinned by hash: .github/workflows/python-lint.yml:24","Warn: pipCommand not pinned by hash: .github/workflows/python-lint.yml:25","Warn: pipCommand not pinned by hash: .github/workflows/python-lint.yml:26","Warn: pipCommand not pinned by hash: .github/workflows/python-release.yml:22","Warn: pipCommand not pinned by hash: .github/workflows/python-release.yml:23","Warn: pipCommand not pinned by hash: .github/workflows/python-release.yml:24","Warn: pipCommand not pinned by hash: .github/workflows/python-release.yml:29","Info:   0 out of  25 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  12 third-party GitHubAction dependencies pinned","Info:   0 out of   2 nugetCommand dependencies pinned","Info:   0 out of   7 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/java-release.yml:9"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T21:27:07.610Z","repository_id":206880735,"created_at":"2025-08-23T21:27:07.610Z","updated_at":"2025-08-23T21:27:07.610Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29596127,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-18T20:59:56.587Z","status":"ssl_error","status_checked_at":"2026-02-18T20:58:41.434Z","response_time":162,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","asyncapi","callbacks","http","json","openapi","specification","standard","standard-webhooks","webhook","webhooks"],"created_at":"2024-08-01T15:01:08.899Z","updated_at":"2026-02-18T21:03:31.308Z","avatar_url":"https://github.com/standard-webhooks.png","language":"Java","readme":"\u003ch1\u003e\n    \u003ca style=\"text-decoration: none\" href=\"https://www.standardwebhooks.com\"\u003e\n      \u003cimg width=\"360\" src=\"./assets/brand.svg\" /\u003e\n    \u003c/a\u003e\n\u003c/h1\u003e\n\nOpen source tools and guidelines for sending webhooks easily, securely, and reliably\n\n## Introduction\n\nWebhooks are becoming increasingly popular and are used by many of the world's top companies for sending events to users of their APIs. However, the ecosystem is fragmented, with each webhook provider using different implementations and varying quality. Even high quality implementations vary, making them inherently incompatible. This fragmentation is a pain for the providers and consumers, stifling innovation.\n\nFor consumers, this means handling webhooks differently for every provider, relearning how to verify webhooks, and encountering gotchas with bespoke implementations. For providers, this means reinventing the wheel, redesigning for issues that have already been solved (security, forward compatibility, etc.). \n\nWe propose a simple solution: standardize webhooks across the industry. This design document outlines our proposal, a set of strict webhook guidelines based on the existing industry best practices. We call it \"Standard Webhooks\".\n\nWe believe \"Standard Webhooks\" can do for webhooks what JWT did for API authentication. Adopting a common protocol that is consistent and supported by different implementations will solve the above issues, and will enable new tools and innovations in webhook ecosystem.\n\nTo achieve this, we have created an open source and community-driven set of tools and guidelines for sending webhooks. \n\n## What are Webhooks?\n\nWebhooks are a common name for HTTP callbacks, and are a way for services to notify each other of events. Webhooks are part of a service's API, though you can think of them as a sort of a \"reverse API\". When a client wants to make a request to a service they make an API call, and when the service wants to notify the client of an event the service triggers a webhook (\"a user has paid\", \"task has finished\", etc.).\n\nWebhooks are server-to-server, in the sense that both the customer and the service in the above description, should be operating HTTP servers, one to receive the API calls and one to receive the webhooks. It's important to note that while webhooks usually co-exist with a traditional API, this is not a requirement, and some services send webhooks without offering a traditional API.\n\n## Read the specification\n\nThe latest draft specification can be found at [spec/standard-webhooks.md](./spec/standard-webhooks.md) which tracks the latest commit to the main branch in this repository.\nThe human-readable markdown file is the source of truth for the specification.\n\n## Reference implementations\n\nThere are reference implementations for the signature verification theme for a variety of languages, including:\n\n- [Python](https://github.com/standard-webhooks/standard-webhooks/tree/main/libraries/python)\n- [JavaScript/TypeScript](https://github.com/standard-webhooks/standard-webhooks/tree/main/libraries/javascript)\n- [Java/Kotlin](https://github.com/standard-webhooks/standard-webhooks/tree/main/libraries/java)\n- [Rust](https://github.com/standard-webhooks/standard-webhooks/tree/main/libraries/rust)\n- [Go](https://github.com/standard-webhooks/standard-webhooks/tree/main/libraries/go)\n- [Ruby](https://github.com/standard-webhooks/standard-webhooks/tree/main/libraries/ruby)\n- [PHP](https://github.com/standard-webhooks/standard-webhooks/tree/main/libraries/php)\n- [C#](https://github.com/standard-webhooks/standard-webhooks/tree/main/libraries/csharp)\n- [Elixir](https://github.com/standard-webhooks/standard-webhooks/tree/main/libraries/elixir)\n\n## Community implementations\n\n- [Java](https://github.com/Cosium/standard-webhooks-consumer)\n- [C# (.NET)](https://github.com/codefactors/StandardWebhooks)\n- [Swift](https://github.com/m1guelpf/swift-standard-webhooks)\n\n\n## Technical steering committee\n\nThe Standard Webhooks initiative, the specification, and development of tooling is driven by the community and guided by the technical steering committee.\n\nMembers (in alphabetical order):\n\n* [Brian Cooksey](https://github.com/bcooksey) ([Zapier](https://zapier.com/))\n* [Ivan Gracia](https://github.com/igracia) ([Twilio](https://twilio.com/))\n* [Jorge Vivas](https://github.com/jorgelob) ([Lob](https://lob.com))\n* [Matthew McClure](https://github.com/mmcc) ([Mux](https://mux.com))\n* [Nijiko Yonskai](https://github.com/nijikokun) ([ngrok](https://ngrok.com))\n* [Stojan Dimitrovski](https://github.com/hf) ([Supabase](https://supabase.com))\n* [Tom Hacohen](https://github.com/tasn/) ([Svix](https://www.svix.com))\n* [Vincent Le Goff](https://github.com/zekth) ([Kong](https://konghq.com))\n\n## Example ecosystem benefits of Standard Webhooks\n\nWe believe \"Standard Webhooks\" can do to webhooks what JWT did to API authentication. Having a common protocol that is consistent will enable a variety of implementations to interoperate, reducing the development burden on webhook consumers and enabling new uses. Some of these benefits include:\n\n- API Gateway signature verification: signature verification is a common challenge for webhook consumers. Standard Webhooks makes it possible for verification to be implemented directly in the API gateway, easily solving verification for consumers.\n- Having a set of libraries for signing and verification make webhook verification easier for scenarios where API gateways can't be used.\n- Workflow automation tools (such as Zapier, Make, Workato, and tray.io) can implement the signature verification themselves to ensure a secure integration and save the need for integration builders to reinvent the wheel every time.\n- Standard Webhooks will enable building tools to automatically generate SDK for webhook consumers that in addition to verifying the signature can also validate the schemas (using JSON Schema, OpenAPI or AsyncAPI definitions).\n- Many more...\n\n\n## Related efforts\n\nThere are a few complementary or partially overlapping efforts to standardize asynchronous event communication. This specification is compatible with the rest of them, and can either reuse existing efforts or benefit further from collaboration with them. The most notable of such efforts are:\n\n### Active Projects\n\n- [OpenAPI](https://www.openapis.org/)\n- [AsyncAPI](https://www.asyncapi.com/)\n- [CloudEvents](https://cloudevents.io/)\n- [IETF HTTP Message Signatures](https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html)\n- [Webhooks.fyi](https://webhooks.fyi/) - a collection of useful webhooks resources (not a standardization effort).\n\n### In-active Projects \n\n- [RestHooks](https://github.com/zapier/resthooks)\n","funding_links":[],"categories":["Elixir","Recently Updated","Java","Resources"],"sub_categories":["[Oct 02, 2024](/content/2024/10/02/README.md)","API Specification"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstandard-webhooks%2Fstandard-webhooks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstandard-webhooks%2Fstandard-webhooks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstandard-webhooks%2Fstandard-webhooks/lists"}