Skip to content
Select themeSelect language

bitbucket repository webhook

POST

Bitbucket repository / pipeline webhook delivery. SupaCloud reads the X-Event-Key header, /pullrequest/source/branch/name and /pullrequest/links/html/href.

Media typeapplication/json

A third-party git-forge webhook delivery (GitHub / GitLab / Bitbucket / Forgejo). The forge owns the body schema; SupaCloud reads only a small, provider-specific subset by JSON pointer (e.g. action, /pull_request/merged, /pull_request/head/ref, /object_attributes/state, /pullrequest/source/branch/name). Because the consumed keys diverge per provider and are read positionally rather than deserialized into a fixed struct, the faithful representation is an open record; the consumed pointers are named per operation, not falsely promoted to a closed schema.

object
key
additional properties

The forge’s webhook body. SupaCloud reads only a small provider-specific subset by JSON pointer (named per operation), so the faithful contract is an open record rather than a falsely-closed struct.

Examplegenerated
{
"additionalProperty": "example"
}

Delivery accepted (ack {"received": true}).

Media typeapplication/json

{"received": true} — the ack the git-forge webhook receivers (/webhooks/{github,gitlab,bitbucket,forgejo}) return once a delivery has been accepted. The receiver always acks (200) even on a filtered-out delivery so the forge does not disable the hook.

object
received
required

Always true once the delivery is accepted.

boolean
Examplegenerated
{
"received": true
}

Malformed body (non-JSON / rejected content-type).

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Invalid or missing HMAC signature.

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Forbidden (issue-debate fail-closed gate / disabled automation switch).

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Unknown trigger token.

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Email trigger migrated past its grace window (email receiver only).

Media typeapplication/json

The standard webhook ack body returned by SupaCloud’s own trigger receivers: { "status": "fired" | "skipped" | "gone", "run_id": "<uuid>"?, "reason": "<text>"? }. A receiver acks (200) even on a filtered-out delivery so the sender does not disable the hook; run_id is present only when a run was started.

object
reason

Why a delivery was skipped or is gone — present for skipped / gone.

string | null
run_id

The started workflow run id — present only when status = "fired".

string | null format: uuid
status
required

fired (a run started), skipped (authenticated but filtered out) or gone (a migrated email trigger past its grace window).

string
Examplegenerated
{
"reason": "example",
"run_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
"status": "example"
}