> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Inbound Webhooks

> Create and manage inbound webhook endpoints for receiving external data with HMAC-SHA256, API key, or OAuth Bearer authentication at /fw/webhooks.

The Inbound Webhooks screen lists all inbound webhook endpoints and allows administrators to create, edit, and monitor them at `/fw/webhooks`.

## Overview

This admin screen loads webhook endpoints via `useWebhookEndpoints`. Endpoints are displayed in a table with columns for name, slug, authentication type, and status. Status is derived via `deriveEndpointStatus` and shown as a badge (`active`, `inactive`, `suspended`). Authentication types supported: `hmac_sha256`, `api_key`, `oauth_bearer`, `none`. A search input and status filter dropdown narrow the list. Creating and editing endpoints uses `WebhookEndpointDialog`. A **Logs** view is toggled by `showLogs` to render `WebhookLogsTable`. New endpoints require `fw.webhooks.manage` (gated inside `PermissionGate`).

## Who it's for

Requires permission: `fw.webhooks.view` (`FW_PERMISSIONS.WEBHOOKS_VIEW`). Endpoint management requires `fw.webhooks.manage`.

## Before you start

* Hold `fw.webhooks.view` to access this screen.
* Hold `fw.webhooks.manage` to create or edit endpoints.
* Hold `fw.webhooks.secrets.rotate` to rotate secrets.
* Hold `fw.webhooks.replay` to replay webhook deliveries.

## Steps

<Steps>
  <Step title="Open Inbound Webhooks">Navigate to `/fw/webhooks`.</Step>
  <Step title="Search and filter">Use the search input and status filter to locate a specific endpoint.</Step>
  <Step title="Create a new endpoint">Click **New Endpoint** (requires `fw.webhooks.manage`) to open `WebhookEndpointDialog`.</Step>
  <Step title="Edit an endpoint">Click the edit action on a row to open `WebhookEndpointDialog` with existing values.</Step>
  <Step title="View logs">Toggle the logs view to open `WebhookLogsTable` for incoming delivery records.</Step>
</Steps>

## Key concepts

* **Endpoint slug** — the URL path segment that identifies the webhook endpoint to external senders.
* **Auth types** — `hmac_sha256` (signature-based), `api_key`, `oauth_bearer`, `none`.
* **Endpoint status** — derived from `deriveEndpointStatus`: `active`, `inactive`, or `suspended`.

## Related

<Columns cols={2}>
  <Card title="Forms & Workflow" icon="diagram-project" href="/fw/overview">
    Forms & Workflow core overview.
  </Card>

  <Card title="Governance & parity" icon="scale-balanced" href="/governance/index">
    Documentation coverage and governance.
  </Card>
</Columns>

<Note>
  This page documents shipped product behavior. It is not medical, legal, or
  billing advice. Verify against your organization's policies and applicable
  regulations before using it for clinical, compliance, or billing decisions.
  Protected health information (PHI) shown in the product is governed by your
  tenant's access controls and is never exposed in this documentation.
</Note>

<Accordion title="Documentation sources">
  * src/routes/fw\.tsx
  * src/cores/fw/pages/WebhookEndpointsPage.tsx
  * src/cores/fw/types/webhook.ts
  * src/platform/permissions/constants.ts
</Accordion>
