Personal Webhook sends VerseDB events to a URL you control, as a signed JSON payload. Point it at an automation tool like Zapier, Make, or n8n, or at your own server, and react to things as they happen — a new review, a pull-list release, a collection milestone, and more. It's a Pro feature.
Set it up#
Open Apps → Personal Webhook and choose Set up. Tell VerseDB where deliveries should go, then pick the events you want.
After saving, choose which events to send and use the test buttons to fire a sample delivery and confirm your endpoint receives it.
Events you can send#
Turn on any of these per webhook:
- New review published
- Collection milestone
- Pull-list release
- FOC deadline
- Daily read digest
- Collection item added
- Collection item removed
- List updated
- Issue marked as read
Verifying each delivery#
Every request is a POST with a JSON body and two headers worth knowing:
X-VerseDB-Event— the event type, so you can route without parsing the bodyX-VerseDB-Signature— a signature you can check against your signing secret
The signature looks like t=1718700000,v1=<hash>, where t is a Unix timestamp and v1 is an HMAC-SHA256 of <timestamp>.<raw body> using your signing secret. Recompute it on your end and compare to confirm the payload is genuine and untampered. Requests also carry a VerseDB-Webhook/1.0 user agent.
Always verify the signature before acting on a payload. It's the only way to be sure a request really came from VerseDB and wasn't forged.
Need a fresh secret? Rotate it from the webhook's settings. VerseDB keeps the old secret valid for a grace period — a day by default — and signs each delivery with both the new and old secrets during that window, shown as v1 and v0, so you can roll the secret without missing a delivery.
Good to know#
Personal Webhook is a Pro feature. Deliveries are capped at 500 an hour per webhook, which is plenty for normal use but high enough to stop a runaway loop from hammering your endpoint.