Endpoints

HTTP endpoints let Nevo POST events to your own URLs in addition to streaming them to the SDK.

An endpoint is an HTTP URL on your side that Nevo POSTs events to when they arrive. Use them alongside (or instead of) an SDK client when a persistent connection isn’t practical — serverless functions, webhooks into third-party tools, etc.

When to use endpoints vs the SDK

  • SDK — long-running process, low latency, can send replies. Best when you already have a server.
  • Endpoint (HTTP POST) — stateless handler, easy to deploy on Vercel/Lambda/Cloud Run, works without a persistent connection. No reply support today.

You can wire up both — the same event goes to both destinations.

Endpoint request shape

Nevo POSTs the same Event JSON (see Events) to your URL with these headers:

POST /your-path HTTP/1.1
Content-Type: application/json
User-Agent: nevo-dispatcher/1
Nevo-Event-Id: evt_…
Nevo-Event-Type: webhook.received
Nevo-Origin: live
Nevo-Timestamp: 1761234567
Nevo-Signature: t=1761234567,v1=<hmac-sha256>

Nevo-Origin is live for fresh events and replay when an operator re-delivered the event from the dashboard — use it for idempotency if your handler mutates state.

Signature verification

Every delivery is signed with HMAC-SHA256 using the channel’s signing secret (available in the dashboard). Verify:

signed_payload = <Nevo-Timestamp>.<raw-request-body>
expected_sig   = hex(HMAC-SHA256(signing_secret, signed_payload))

Compare expected_sig to the v1=... value in Nevo-Signature in constant time. Reject if Nevo-Timestamp is older than 5 minutes (replay protection).

Retries

Every endpoint carries a retry policy with two knobs:

  • retry_max_attempts — total attempts, including the first. Defaults to 5.
  • retry_backoff_base_seconds — base delay that doubles on each retry. Defaults to 60.

A non-2xx response, a connection error, or a 10-second timeout counts as a failed attempt. Attempts are scheduled at base, 2×base, 4×base, … until the policy is exhausted, at which point the delivery transitions to failed and the event appears in the DLQ.

Both fields are editable from Endpoints → your endpoint → Retry policy in the dashboard. See Retries & dead-letter for the full model.

Status

  • active — the endpoint is receiving events.
  • paused — new events skip this endpoint entirely; retries of already-scheduled deliveries still run.

Toggle from the endpoint detail page.

← Previous Connections Next → Retries & dead-letter