Skip to main content
A webhook is a mechanism that enables real-time data transfer between applications by sending immediate notifications when specific events occur. Instead of continuously polling for updates, applications can receive data automatically, making it an efficient way to integrate with third-party services. RisingWave can serve as a webhook destination, directly accepting HTTP requests from external services and storing the incoming data in its tables. By default, the frontend node listens for webhook events on port 4560. You can reconfigure this depending on how your cluster is deployed. When a webhook is triggered, RisingWave processes and ingests the data in real-time. This direct integration eliminates the need for an intermediary message broker like Kafka. Instead of setting up and maintaining an extra Kafka cluster, you can directly send data to RisingWave to process it in real-time, which enables efficient data ingestion and stream processing without extra infrastructure.

Creating a webhook table in RisingWave

To utilize webhook sources in RisingWave, you need to create a table configured to accept webhook requests. Below is a basic example of how to set up such a table: 
-- Create a secret to store the webhook validation key. Note that this is optional but recommended. 
-- Alternatively you can use a raw string (without specifying `SECRET <secret>`).
CREATE SECRET test_secret WITH (backend = 'meta') AS 'secret_value'; 

CREATE TABLE wbhtable (
  data JSONB
) WITH (
  connector = 'webhook',
  [ is_batched = true ]
) VALIDATE SECRET test_secret AS secure_compare(
  headers->>'{header of signature}',
  {signature generation expressions}
);
Parameter or clauseDescription
CREATE SECRETSecurely stores a secret value in RisingWave for request validation.
CREATE TABLEDefines a table with a JSONB column to store webhook payload data.
connectorConfigures the table to accept incoming HTTP webhook requests.
is_batchedOptional, set to true to enable batch ingestion of multiple JSON lines in a single request.
VALIDATE SECRET...AS...Authenticates requests using the stored secret and signature comparison.
secure_compare()Validates requests by matching the header signature against the computed signature, ensuring only authenticated requests are processed. Note secure_compare(...) is the only supported validation function for webhook tables.
header_of_signatureSpecifies which HTTP header contains the incoming signature.
signature_generation_expressionsExpression to compute the expected signature using the secret and payload.
is_batched is added in v2.5.0 and is currently in technical preview stage.
Currently, secret management is a premium feature. You can also use raw string for verification. The following example use raw string 'secret_value' to compute signature. 
create table wbhtable (
  data JSONB
) WITH (
  connector = 'webhook',
) VALIDATE AS secure_compare(
  headers->>'x-hub-signature',
  'sha1=' || encode(hmac('secret_value', data, 'sha1'), 'hex')
);

Supported webhook sources and authentication methods

RisingWave has been verified to work with the following webhook sources and authentication methods:
webhook sourceAuthentication methods
GitHubSHA-1 HMAC, SHA-256 HMAC
SegmentSHA-1 HMAC
HubSpotAPI Key, Signature V2
AWS EventBridgeBearer Token
RudderstackBearer Token
Here are step-by-step guides to help you set up and configure your webhook sources:
While only the above sources have been thoroughly tested, RisingWave can support additional webhook sources and authentication methods. You can integrate other services using similar configurations.

Deploy RisingWave webhook listener

Learn how to deploy and test RisingWave’s webhook listener using open-source tools such as Kubernetes Operator and Helm Chart.

Kubernetes operator

Make sure risingwave-operator ≥ v0.12.0.
  1. Prepare a YAML manifest of RisingWave with the following field set: 
    apiVersion: risingwave.risingwavelabs.com/v1alpha1
kind: RisingWave
metadata:
  name: risingwave
spec:
  enableWebhookListener: true
    You can try with the base YAML.
  2. Apply the YAML to create the RisingWave instance.
Endpoint (intra-Kubernetes) Depending on the object name and namespace, the endpoint is typically: 
Example: risingwave-frontend.default.svc.cluster.local:4560
Format: <service name>.<namespace>.svc.<cluster domain>:4560

Helm Chart

Make sure Helm chart ≥ 0.2.38.
  1. Prepare a YAML values of RisingWave with the following field set: 
    frontendComponent:
  webhookListener: true
  2. Install a Helm release with the values.
    Example command
    helm install --set tags.bundle=true,frontendComponent.webhookListener=true risingwave risingwavelabs/risingwave --version 0.2.38
Endpoint (intra-Kubernetes) Depending on the release name and namespace, the endpoint is typically: 
Example: risingwave.default.svc.cluster.local:4560
Format: <service name>.<namespace>.svc.<cluster domain>:4560

Test webhook locally

To test the webhook locally using Helm, first install a Helm release using the example command provided in Helm Chart. Once the Helm release is running, follow these steps:
  1. Forward ports of the RisingWave to local 
    kubectl port-forward svc/risingwave 4560,4567
  2. Connect with psql and create a demo table. 
    psql -h localhost -p 4567 -d dev -U root
dev=> CREATE TABLE wbhtable (
  data JSONB
) WITH (
  connector = 'webhook'
) VALIDATE AS secure_compare (
  headers->>'signature',
  '1'
);
CREATE_TABLE
  3. Send sample data with curl 
    curl -v -X POST http://localhost:4560/webhook/dev/public/wbhtable \
              -H "Content-Type: application/json" \
              -H "signature: 1" \
              -d '{
        "event": "user.signup",
        "timestamp": "2025-10-10T08:30:00Z",
        "data": {
          "user_id": "12345",
          "email": "test@example.com",
          "name": "John Doe"
        }
      }'
  4. Query from the table and check the result. 
    psql -h localhost -p 4567 -d dev -U root
dev=> select * from wbhtable;
                                                                     data
----------------------------------------------------------------------------------------------------------------------------------------------
 {"data": {"email": "test@example.com", "name": "John Doe", "user_id": "12345"}, "event": "user.signup", "timestamp": "2025-10-10T08:30:00Z"}
(1 row)