Webhooks Configuration

Real-time Game Update Intelligence

Integration Guide

Webhook Setup

Configure your endpoint to receive instant notifications the moment a title like Aetheria Online or Neon Drifters pushes a new build to production.

Navigate to your developer dashboard, select the target game namespace, and register a secure HTTPS endpoint. PatchPulse validates your server with a handshake challenge before routing live events. You can subscribe to granular triggers including `patch.release`, `patch.rollout`, `patch.rollback`, and `asset.update`. Our delivery engine enforces a 5-second response timeout and applies exponential backoff across up to four retry attempts within a two-hour window.

Endpoint Registration

Submit a valid HTTPS URL supporting TLS 1.2+. Include your namespace slug and optional filter tags to limit event volume.

Event Filtering

Subscribe only to relevant titles or regions. Filter by patch type (hotfix, seasonal, major) to reduce payload noise.

Delivery Monitoring

Track success rates, latency percentiles, and failed deliveries directly in the Pulse Analytics console.

Data Schema

Payload Structure

Every webhook delivers a strictly typed JSON object conforming to the Pulse Schema v2.1.4, ensuring predictable parsing across your pipeline.

The root object contains an immutable `event_id`, ISO 8601 `timestamp`, and `game_id` namespace. Core patch data lives under the `payload` object, which includes `version_string`, `changelog_url`, `affected_platforms` (array of `pc`, `ps5`, `xbox-series-x`, `switch-2`), and a cryptographic `manifest_hash`. Optional metadata fields like `rollout_percentage` and `maintenance_window` appear only when applicable. All payloads are compressed via Brotli when `Accept-Encoding: br` is present, reducing average transfer size from 4.2 KB to 1.8 KB.

Core Fields

`event_id` (UUIDv7), `timestamp` (UTC), `game_id`, `event_type`, and `region_code` anchor every message for idempotent processing.

Patch Metadata

`version_string`, `build_number`, `changelog_summary`, `asset_hashes` (SHA-256 array), and `requires_restart` boolean flag.

Delivery Headers

`X-Pulse-Schema`, `X-Pulse-Retry-Count`, `Content-Type: application/json`, and `X-Pulse-Request-Id` for traceability.

Verification & Hardening

Security & Verification

Protect your ingestion pipeline with cryptographic signature verification and strict replay-window enforcement.

PatchPulse signs every outbound webhook using HMAC-SHA256 with your unique webhook secret. The resulting hex digest is attached to the `X-Pulse-Signature` header. Verify the signature by computing `HMAC-SHA256(timestamp || '.' || raw_body)` and comparing it against the header value. Reject any request where the payload timestamp exceeds a 300-second drift threshold to neutralize replay attacks. Rotate your webhook secret quarterly through the dashboard, and restrict inbound traffic to our delivery CIDR blocks (`104.26.10.0/24`, `172.67.180.0/22`).

Signature Verification

Reconstruct the signed string using the `X-Pulse-Timestamp` and raw body, then apply your secret key via HMAC-SHA256.

Replay Prevention

Enforce a strict 5-minute validity window on `X-Pulse-Timestamp`. Cache verified `event_id` values for 24 hours to drop duplicates.

Network Hardening

Whitelist Pulse delivery IPs, enforce TLS 1.3, and disable HTTP fallback. Enable mutual TLS if your infrastructure supports mTLS handshakes.