bitbucket repository webhook
Bitbucket repository / pipeline webhook delivery. SupaCloud reads the X-Event-Key header, /pullrequest/source/branch/name and /pullrequest/links/html/href.
Authorizations
Section titled “Authorizations”Request Bodyrequired
Section titled “Request Bodyrequired”A third-party git-forge webhook delivery (GitHub / GitLab / Bitbucket /
Forgejo). The forge owns the body schema; SupaCloud reads only a small,
provider-specific subset by JSON pointer (e.g. action,
/pull_request/merged, /pull_request/head/ref, /object_attributes/state,
/pullrequest/source/branch/name). Because the consumed keys diverge per
provider and are read positionally rather than deserialized into a fixed
struct, the faithful representation is an open record; the consumed pointers
are named per operation, not falsely promoted to a closed schema.
object
The forge’s webhook body. SupaCloud reads only a small provider-specific subset by JSON pointer (named per operation), so the faithful contract is an open record rather than a falsely-closed struct.
Examplegenerated
{ "additionalProperty": "example"}Responses
Section titled “Responses”Delivery accepted (ack {"received": true}).
{"received": true} — the ack the git-forge webhook receivers
(/webhooks/{github,gitlab,bitbucket,forgejo}) return once a delivery has
been accepted. The receiver always acks (200) even on a filtered-out delivery
so the forge does not disable the hook.
object
Always true once the delivery is accepted.
Examplegenerated
{ "received": true}Malformed body (non-JSON / rejected content-type).
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Invalid or missing HMAC signature.
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Forbidden (issue-debate fail-closed gate / disabled automation switch).
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Unknown trigger token.
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Email trigger migrated past its grace window (email receiver only).
The standard webhook ack body returned by SupaCloud’s own trigger receivers:
{ "status": "fired" | "skipped" | "gone", "run_id": "<uuid>"?, "reason": "<text>"? }.
A receiver acks (200) even on a filtered-out delivery so the sender does not
disable the hook; run_id is present only when a run was started.
object
Why a delivery was skipped or is gone — present for skipped / gone.
The started workflow run id — present only when status = "fired".
fired (a run started), skipped (authenticated but filtered out) or
gone (a migrated email trigger past its grace window).
Examplegenerated
{ "reason": "example", "run_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "status": "example"}