Endpoints

HTTP endpoints let Nevo POST events to your own URLs in addition to streaming them to the SDK.

An endpoint is an HTTP URL on your side that Nevo POSTs events to when they arrive. Use them alongside (or instead of) an SDK client when a persistent connection isn’t practical — serverless functions, webhooks into third-party tools, etc.

When to use endpoints vs the SDK

  • SDK — long-running process, low latency, can send replies. Best when you already have a server.
  • Endpoint (HTTP POST) — stateless handler, easy to deploy on Vercel/Lambda/Cloud Run, works without a persistent connection. No reply support today.

You can wire up both — the same event goes to both destinations.

Endpoint request shape

Nevo POSTs the same Event JSON (see Events) to your URL with these headers:

POST /your-path HTTP/1.1
Content-Type: application/json
User-Agent: nevo-dispatcher/1
Nevo-Event-Id: evt_…
Nevo-Event-Type: webhook.received
Nevo-Origin: live
Nevo-Timestamp: 1761234567
Nevo-Signature: t=1761234567,v1=<hmac-sha256>

Nevo-Origin is live for fresh events and replay when an operator re-delivered the event from the dashboard — use it for idempotency if your handler mutates state.

Signature verification

Every delivery is signed with HMAC-SHA256 using the channel’s signing secret (available in the dashboard). Verify:

signed_payload = <Nevo-Timestamp>.<raw-request-body>
expected_sig   = hex(HMAC-SHA256(signing_secret, signed_payload))

Compare expected_sig to the v1=... value in Nevo-Signature in constant time. Reject if Nevo-Timestamp is older than 5 minutes (replay protection).

← Previous Channels Next → Prompt-ready