Webhooks Overview
Webhooks let you receive real-time HTTP notifications when events happen on your Sotion site like members signing up, logging in, access group changes, and more. Instead of polling the API, you register a URL and Sotion pushes events to you as they occur.
Setting up a webhook
Go to Site Settings > Integrations
Click Create Webhook
Enter a name, your HTTPS endpoint URL, and select the events you want to receive
Optionally provide your own signing secret, or let Sotion generate one for you
Copy the signing secret --- it is shown only once
Your endpoint must be publicly accessible over HTTPS.
Events
Event | Description |
|---|---|
| A new member was added to the site |
| A member's details were changed (email, name, status, etc.) |
| A member logged in or logged out |
| A member was removed from the site |
| A new access group was created |
| An access group's name or description was changed |
| An access group was deleted |
| A member was added to an access group |
| A member was removed from an access group |
Payload format
Every webhook delivery sends a JSON payload wrapped in a standard envelope:
{
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"type": "member.created",
"timestamp": "2026-03-28T12:00:00.000Z",
"version": "1",
"siteId": "site-uuid-here",
"data": {
...
}
}Field | Type | Description |
|---|---|---|
| string | Unique event ID (UUIDv4). Use this as an idempotency key to avoid processing the same event twice. |
| string | The event type, e.g. |
| string | ISO-8601 timestamp of when the event occurred |
| string | Envelope schema version. Currently |
| string | The ID of the site that generated the event |
| object | Event-specific payload (see below) |
HTTP headers
Every webhook delivery includes the following headers:
Header | Description |
|---|---|
|
|
|
|
| The event type, e.g. |
| Unique ID for this delivery attempt |
| The event ID (same as |
|
|