The Webhook allows you to subscribe to different Sitefinity CMS events. When a particular event is registered by the EventHub system, the data for the event is sent to a particular URL that you have registered in the Webhook.

The URL can be the URL of an external system or application that you want to integrate with Sitefinity CMS. The Webhook allows you to accomplish this without writing code in Sitefinity CMS.


The Webhook mechanism has its own module and configuration section in the Advanced settings. The Webhook module is disabled by default. 

In the configuration section, you can configure a collection of event types. For these types you register one or more URLs. 
These are events that are raised by the Sitefinity CMS EventHub and can only be public interfaces that inherit from IEvent, for example -Telerik.Sitefinity.Web.Events.ILoginCompletedEvent

For each event, you can have a collection of URLs. To these URLs, the Webhook sends a POST request with Content-Type: application/json. The body of the request contains the event properties serialized in JSON format.

Supported events

The Webhook module supports the following events:

  • Telerik.Sitefinity.Web.OutputCache.IOutputCacheInvalidationEvent
  • Telerik.Sitefinity.Web.Events.ILoginCompletedEvent
  • Telerik.Sitefinity.Modules.Forms.Events.IFormEntryCreatedEvent

Setup procedure

PREREQUISITES: To use the Webhook, you must activate the Webhook module from Administration » Modules & Services.

To setup the Webhook, perform the following:

  1. In Sitefinity CMS backend, navigate to Administration » Settings » Advanced.
  2. In the treeview on the left, expand Webhook and click Webhook events » Create new.
  3. Enter the Event type that you want to register.
    You can enter one of the supported events.
  4. Save your changes.
  5. To register a URL where the event will send its data, expand the already registered event and click URLs » Create new.
  6. In URL, enter the URL where you want to send the event’s data.
  7. Add a layer of security using the Secret field.
    Enter a secret that is strong enough.
    Sitefinity CMS uses this secret to compute a Hash-based message authentication code (HMAC) of a string in this format: {body_of_request}_{timestamp}.  This is converted to Base64 string. The timestamp is the current Unix timestamp in milliseconds. The hashing algorithm used is SHA256. Sitefinity CMS sends the HMAC as a Sf-Signature header and the timestamp as a Sf-Signature-Timestamp header. 

    IMPORTANT: If you configure a secret, then you must compute the hash on the other side, using the secret and the timestamp, and compare it with the Sf-Signature header. This way you can ensure that the request comes from Sitefinity CMS and can prevent others from sending invalid data to the endpoint. 

  8. Save your changes.

Webhook sample JSONs




Want to learn more?

Sign up for our free beginner training. Boost your credentials through advanced courses and certification.
Register for Sitefinity training and certification.

Was this article helpful?

Next article

RESTful WCF services