# Standard Webhooks

> An open-source specification and set of tools for sending webhooks easily, securely, and reliably, with reference implementations in 9+ languages.

Standard Webhooks is a community-driven, open-source initiative that defines a strict specification for HTTP callbacks (webhooks), along with reference libraries for verifying webhook signatures across multiple programming languages. The project is hosted on GitHub under the Apache License 2.0 and is guided by a technical steering committee drawn from companies including Zapier, Twilio, Supabase, Kong, Mux, ngrok, Lob, and Svix.

## What It Is

Standard Webhooks is a specification and toolset designed to solve the fragmentation problem in the webhook ecosystem. Today, every webhook provider implements their own signing, verification, and delivery patterns — making it difficult for consumers to handle webhooks consistently and for providers to avoid reinventing solved problems. Standard Webhooks proposes a common protocol, analogous to what JWT did for API authentication, that enables interoperability across providers and consumers.

## The Specification and Reference Libraries

The core of the project is a human-readable specification (`spec/standard-webhooks.md`) that defines strict guidelines for webhook headers, signatures, and payload structure. Alongside the spec, the project ships reference implementations for signature verification in:

- **Python** (`standardwebhooks` on PyPI)
- **JavaScript/TypeScript** (`standardwebhooks` on NPM)
- **Java/Kotlin** (`com.standardwebhooks:standardwebhooks` on Maven Central)
- **Rust** (`standardwebhooks` on crates.io)
- **Go** (as a Go module)
- **Ruby** (`standardwebhooks` on RubyGems)
- **PHP**
- **C#** (`StandardWebhooks.StandardWebhooks` on NuGet)
- **Elixir**

Community implementations also exist for Java, C# (.NET), and Swift.

## Ecosystem Benefits and Adoption

The Standard Webhooks README states that the specification has been adopted by a variety of companies including OpenAI, Anthropic, Google Gemini, Kong, Svix, Supabase, Vanta, Drata, Etsy, PagerDuty, Twilio, TaskRabbit, and others. The project envisions several concrete ecosystem improvements: API gateways implementing signature verification natively, workflow automation tools (such as Zapier, Make, Workato) verifying signatures without per-integration custom code, and auto-generated SDKs that combine signature verification with schema validation via JSON Schema, OpenAPI, or AsyncAPI.

## Technical Steering Committee and Governance

The initiative is community-driven and governed by a technical steering committee with representatives from Zapier, Twilio, Lob, Mux, ngrok, Supabase, Svix, and Kong. The project is compatible with related async event standards including OpenAPI, AsyncAPI, CloudEvents, and IETF HTTP Message Signatures.

## Update: Version 1.0.2

The latest release is **v1.0.2**, published on February 18, 2026. The repository remains actively maintained, with the last push recorded in June 2026. The project has accumulated over 1,700 GitHub stars and 61 forks since its creation in August 2023, signaling growing community interest in webhook standardization.

## Features
- Open-source webhook specification under Apache 2.0
- Reference signature verification libraries in 9+ languages
- Community implementations for Java, C# (.NET), and Swift
- Compatible with OpenAPI, AsyncAPI, and CloudEvents
- Enables API gateway-level signature verification
- Technical steering committee governance
- AI skill for teaching agents to verify webhooks

## Integrations
Python, JavaScript, TypeScript, Java, Kotlin, Rust, Go, Ruby, PHP, C#, Elixir, Swift, OpenAPI, AsyncAPI, CloudEvents, Zapier, Kong, Supabase

## Platforms
API, DEVELOPER_SDK, CLI

## Pricing
Open Source

## Version
v1.0.2

## Links
- Website: https://www.svix.com
- Repository: https://github.com/standard-webhooks/standard-webhooks
- EveryDev.ai: https://www.everydev.ai/tools/standard-webhooks
