The Webhook allows you to subscribe to different Sitefinity CMS events. When a particular event is registered by the EventHub system, the data for the event is sent to a particular URL that you have registered in the Webhook.

The URL can be the URL of an external system or application that you want to integrate with Sitefinity CMS. The Webhook allows you to accomplish this without writing code in Sitefinity CMS.


The Webhook mechanism has its own module and configuration section in the Advanced settings. The Webhook module is disabled by default. 

In the configuration section, you can configure a collection of event types. For these types you register one or more URLs. 
These are events that are raised by the Sitefinity CMS EventHub and can only be public interfaces that inherit from IEvent, for example -Telerik.Sitefinity.Web.Events.ILoginCompletedEvent

For each event, you can have a collection of URLs. To these URLs, the Webhook sends a POST request with Content-Type: application/json. The body of the request contains the event properties serialized in JSON format.

Supported events

The Webhook module supports the following events:

  • Telerik.Sitefinity.Web.OutputCache.IOutputCacheInvalidationEvent
  • Telerik.Sitefinity.Web.Events.ILoginCompletedEvent
  • Telerik.Sitefinity.Modules.Forms.Events.IFormEntryCreatedEvent

Setup procedure

PREREQUISITES: To use the Webhook, you must activate the Webhook module from Administration » Modules & Services.

To setup the Webhook, perform the following:

  1. In Sitefinity CMS backend, navigate to Administration » Settings » Advanced.
  2. In the treeview on the left, expand Webhook and click Webhook events » Create new.
  3. Enter the Event type that you want to register.
    You can enter one of the supported events.
  4. Save your changes.
  5. To register a URL where the event will send its data, expand the already registered event and click URLs » Create new.
  6. In URL, enter the URL where you want to send the event’s data.
  7. Add a layer of security using the Secret field.
    Enter a secret that is strong enough.
    Sitefinity CMS uses this secret to compute a Hash-based message authentication code (HMAC) of a string in this format: {body_of_request}_{timestamp}.  This is converted to Base64 string. The timestamp is the current Unix timestamp in milliseconds. The hashing algorithm used is SHA256. Sitefinity CMS sends the HMAC as a Sf-Signature header and the timestamp as a Sf-Signature-Timestamp header. 

    IMPORTANT: If you configure a secret, then you must compute the hash on the other side, using the secret and the timestamp, and compare it with the Sf-Signature header. This way you can ensure that the request comes from Sitefinity CMS and can prevent others from sending invalid data to the endpoint. 

  8. Save your changes.

Webhook sample JSONs




Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?

Next article

RESTful WCF services