Subscribe to any Upvoty event, point us at a URL, and we POST signed JSON the moment it happens. Built-in retries, HMAC signing, event log, no polling required.
{
"event": "post.status_changed",
"data": {
"post_id": "pst_8421",
"title": "SAML SSO with Okta",
"from": "considering",
"to": "in_progress",
"votes": 84
},
"signature": "sha256=a3f1..."
}post.created, vote.added, status_changed, comment.created, and more. Subscribe per event or to all.
Every request is signed with a shared secret so you can verify it really came from Upvoty.
Failed deliveries retry with exponential backoff. Replay any event from the dashboard.
When Zapier is too slow and a native integration does not exist, webhooks fill the gap.
Posts, votes, comments, status.
Verify authenticity in code.
Exponential backoff up to 24h.
See every delivery attempt.
Fire any past event again.
Different URLs per event.
Per-board, per-tag, per-segment.
Stable, versioned schemas.
Webhooks are the universal escape hatch for any tool that takes integration seriously. They let your engineering team build exactly the workflow you need, with no middleware, no third-party rate limits, and no monthly task count to worry about. Upvoty exposes a complete webhook surface on every plan: every event you can imagine subscribing to is available, every payload is HMAC-signed, every delivery is logged, retried, and replayable. If Zapier and our native integrations are the easy path, webhooks are the power-user path.
The mental model is simple. You register an endpoint (an HTTPS URL on your side), choose which events you care about, and Upvoty POSTs a signed JSON payload the moment a matching event occurs. You verify the signature, parse the payload, and do whatever you need: write to a database, kick off a background job, send an email, update an internal dashboard, anything.
The full event catalog covers the entire feedback lifecycle. post.created, post.updated, post.merged, post.deleted, post.status_changed are the post lifecycle. vote.added and vote.removed track engagement. comment.created and comment.deleted give you the discussion stream. user.created and segment.updated cover identity. We add new events regularly and version the payload schemas so existing integrations never break.
Every webhook request is signed with a shared secret using HMAC-SHA256 over the raw request body. The signature lands in an X-Upvoty-Signature header along with a timestamp to prevent replay attacks. Your handler should recompute the signature in constant time and reject any request that fails verification. This is the same model Stripe uses, and our docs include reference implementations in five languages. Combined with TLS, this means you can trust webhook payloads as much as you trust direct API responses.
Networks are flaky. Endpoints go down. Deploys break things. Upvoty assumes all of this. If your endpoint returns anything other than a 2xx response, we retry with exponential backoff for up to 24 hours. Every attempt (successful or failed) is logged with the full request, response, latency, and outcome. You can replay any past event with one click, which is invaluable when you ship a bug in your handler and need to re-process the last 4 hours of events.
Use webhooks when you need real-time, high-volume, low-latency, or you do not want a third party in your data path. Use Zapier when you want no-code, multi-step flows that a PM can edit. Use the REST API when you need to read or write on demand rather than react to events. Use MCP when you want AI agents to drive Upvoty natively. Most mature integrations end up combining two or three of these, and that is exactly how the platform is designed to work.
Related features
Turn user feedback into actionable product optimizations. 14-day free trial, no credit card required.