Conversation webhook delivery
Intercom support-conversation webhook (#596). Intercom POSTs conversation.user.created / conversation.user.replied topics; authenticated by the X-Hub-Signature HMAC-SHA1 header over the raw body against the trigger’s per-trigger signing secret (the Intercom app client_secret). A user message enqueues a gated reactive-backlog item. Path: POST /api/workflows/triggers/intercom/{token}.
Authorizations
Section titled “Authorizations”Request Bodyrequired
Section titled “Request Bodyrequired”The generic webhook / trigger delivery body: an arbitrary JSON object the
caller posts. SupaCloud does not impose a fixed shape — the whole object is
handed to the workflow run as the trigger context (SC_TRIGGER_CONTEXT).
This is an honest record-of-unknown, NOT a fake structure: the runtime never
deserializes it into named fields.
object
Arbitrary trigger payload fields, forwarded verbatim to the run as
SC_TRIGGER_CONTEXT. Flattened so the component IS the open object the
caller posts (not a wrapper); the runtime never deserializes named fields.
Examplegenerated
{ "additionalProperty": "example"}Responses
Section titled “Responses”Delivery accepted (enqueued or skipped).
The ack body returned by the #596 conversation receivers (chatwoot/intercom):
{ "status": "enqueued" | "skipped", "backlog_item_id": "<uuid>"?, "reason": "<text>"? }.
A matched new conversation / incoming message ENQUEUES a gated reactive-backlog
item (carrying its id); a verified-but-non-actionable delivery (filtered,
notify-only, a stale replay, or a dedupe) is acked skipped with a reason —
never an error. (Distinct from WebhookAck: an enqueue is not a fired run, so
the id field is backlog_item_id, not run_id.)
object
The enqueued backlog item id — present only when status = "enqueued".
Why a delivery was skipped — present for skipped.
enqueued (a reactive-backlog item was created) or skipped.
Examplegenerated
{ "backlog_item_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "reason": "example", "status": "example"}Malformed body (non-JSON / rejected content-type).
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Invalid or missing HMAC signature.
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Unknown trigger token.
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}