Configure routes
Set config underplugins.entries.webhooks.config:
secret accepts a plain string or a SecretRef: { source: "env" | "file" | "exec", provider: "default", id: "..." }.
Every configured route registers at startup regardless of whether its secret
currently resolves. An unresolvable secret does not disable or skip the
route - requests to it fail authentication (401) until the secret can be
resolved. SecretRef values are re-resolved on every request, so rotating the
underlying secret (env var, file, or exec output) takes effect without a
Gateway restart.
Security model
Each route acts with the TaskFlow authority of its configuredsessionKey: it
can inspect and mutate any TaskFlow owned by that session. TaskFlow access
always goes through api.runtime.tasks.managedFlows.bindSession(...), so a
route can never act outside its bound session. To limit blast radius:
- Use a strong, unique secret per route.
- Prefer a SecretRef over an inline plaintext secret.
- Bind routes to the narrowest session that fits the workflow.
- Expose only the specific webhook path you need.
POST only) and
Content-Type: application/json checks, then fixed-window rate limiting (120
requests per 60-second window per path+client-IP key, up to 4,096 tracked
keys), then in-flight request limiting (8 concurrent requests per key, up to
4,096 tracked keys), then shared-secret authentication, then a 256 KB /
15-second JSON body read. Requests that fail an earlier check never reach
later ones.
Request format
SendPOST requests with Content-Type: application/json and either
Authorization: Bearer <secret> or x-openclaw-webhook-secret: <secret>:
Supported actions
Mutating actions (
set_waiting, resume_flow, finish_flow, fail_flow,
request_cancel) require flowId and expectedRevision for optimistic
concurrency; a stale revision returns 409 revision_conflict.
create_flow
run_task
Allowed runtime values: subagent, acp. startedAt, lastEventAt, and
progressSummary are only valid when status is "running"; sending them
with any other status returns 400 invalid_request.
Response shape
sessionKey. code values include not_found,
not_managed, revision_conflict, persist_failed, cancel_requested,
cancel_pending, terminal, invalid_request, request_rejected, and
action-specific fallback codes (mutation_rejected, create_rejected,
task_not_created, cancel_rejected) when a mutation is rejected for a
reason not covered by the named codes above.
Related
- Hooks - internal event-driven hooks vs. this HTTP-based TaskFlow bridge
- Gateway webhooks (
hooks.*config) - separate generic Gateway HTTP endpoint feature; not the same as this plugin’s routes - Plugin runtime SDK
- CLI webhooks