You can create webhooks that subscribe to the events listed on this page. To limit the number of HTTP requests to your server, you should only subscribe to the specific events that you plan on handling. For more information, see "Creating webhooks."
Each webhook event on this page includes a description of the webhook properties for that event. If the event has multiple actions, the properties corresponding to each action are included.
Each event is only available to specific types of webhooks. For example, an organization webhook can subscribe to the team event, but a repository webhook cannot. The description of each webhook event lists the availability for that event. For more information, see "Types of webhooks."
Payloads are capped at 25 MB. If an event generates a larger payload, GitHub will not deliver a payload for that webhook event. This may happen, for example, on a create event if many branches or tags are pushed at once. We suggest monitoring your payload size to ensure delivery.
HTTP POST payloads that are delivered to your webhook's configured URL endpoint will contain several special headers:
X-GitHub-Hook-ID: The unique identifier of the webhook.
X-GitHub-Event: The name of the event that triggered the delivery.
X-GitHub-Delivery: A globally unique identifier (GUID) to identify the event.
X-Hub-Signature: This header is sent if the webhook is configured with a secret. This is the HMAC hex digest of the request body, and is generated using the SHA-1 hash function and the secret as the HMAC key. X-Hub-Signature is provided for compatibility with existing integrations. We recommend that you use the more secure X-Hub-Signature-256 instead.
X-Hub-Signature-256: This header is sent if the webhook is configured with a secret. This is the HMAC hex digest of the request body, and is generated using the SHA-256 hash function and the secret as the HMAC key. For more information, see "Validating webhook deliveries."
User-Agent: This header will always have the prefix GitHub-Hookshot/.
X-GitHub-Hook-Installation-Target-Type: The type of resource where the webhook was created.
X-GitHub-Hook-Installation-Target-ID: The unique identifier of the resource where the webhook was created.
To see what each header might look like in a webhook payload, see "Example webhook delivery."
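The following is an added example, not code from the original page: a receiver-side check of X-Hub-Signature-256 that recomputes the HMAC-SHA-256 over the raw request body, compares it in constant time, and refuses to fall back to the SHA-1 header. The function names, secret, and sample delivery are constructed for illustration; the "sha256=" prefix is how GitHub formats the header value.

```python
import hashlib
import hmac

MAX_PAYLOAD_BYTES = 25 * 1024 * 1024  # payload cap stated on this page
PREFIX = "sha256="  # GitHub sends the header value as "sha256=<hex digest>"


def sign(secret: bytes, body: bytes) -> str:
    """Header value a sender holding `secret` would compute for `body`."""
    return PREFIX + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_delivery(secret: bytes, headers: dict, body: bytes) -> str:
    """Return "ok" or a short rejection reason for one delivery.

    `body` must be the raw request bytes as received; re-serialising parsed
    JSON changes the bytes and therefore the digest.
    """
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    if len(body) > MAX_PAYLOAD_BYTES:
        return "payload too large"
    received = h.get("x-hub-signature-256")
    if received is None:
        # Do not fall back to the SHA-1 X-Hub-Signature header: accepting the
        # weaker header whenever the stronger is missing invites a downgrade.
        return "missing X-Hub-Signature-256"
    if not received.startswith(PREFIX):
        return "malformed signature"
    # compare_digest runs in constant time, so response timing does not
    # reveal how many leading characters of a forged digest were correct.
    if not hmac.compare_digest(sign(secret, body).encode(), received.encode()):
        return "signature mismatch"
    return "ok"


# Constructed sample delivery (not a real secret or payload).
SECRET = b"constructed-example-secret"
BODY = b'{"action":"opened","number":1}'
HEADERS = {
    "X-GitHub-Event": "issues",
    "X-GitHub-Delivery": "00000000-0000-0000-0000-000000000000",
    "X-Hub-Signature-256": sign(SECRET, BODY),
    "User-Agent": "GitHub-Hookshot/example",
}

if __name__ == "__main__":
    print(verify_delivery(SECRET, HEADERS, BODY))           # genuine delivery
    print(verify_delivery(SECRET, HEADERS, BODY + b" "))    # body altered
    print(verify_delivery(b"wrong-secret", HEADERS, BODY))  # wrong key
```

In a web framework, pass the unparsed request bytes to the check before any JSON or form decoding takes place.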
You can choose to have payloads delivered in JSON format (application/json) or as URL-encoded data (x-www-form-urlencoded). Following is an example of a webhook POST request that uses the JSON format.