Skip to main content
Triggers let you run agents automatically — either on a schedule or in response to an incoming webhook. Each trigger is linked to an agent and sends it a message when it fires.

Creating a Trigger

Navigate to Settings > Triggers and click New Trigger. Every trigger requires:
  • Type: Scheduled or Webhook
  • Name: A label for the trigger
  • Agent: Which agent to invoke
  • Message (optional): The prompt sent to the agent when the trigger fires. For webhooks, this is the default message — it can be overridden in the webhook payload.

Scheduled Triggers

Scheduled triggers run on a recurring basis using cron expressions.

Frequency Options

PresetDescription
HourlyRuns at the top of every hour
DailyRuns once per day at a chosen time
WeekdaysRuns Monday through Friday at a chosen time
WeeklyRuns once per week at a chosen time
CustomPick specific days of the week or month with a time

Timezone

By default, schedules use your browser’s detected timezone. You can change this under Advanced options in the trigger creation form.

Webhook Triggers

Webhook triggers expose a URL that you can POST to from any external system — CI/CD pipelines, monitoring tools, third-party integrations, or custom scripts. When you create a webhook trigger, you receive a Webhook URL and a Webhook Secret. The secret is only shown once, so save it immediately.

Payload Format

Send a JSON body with these optional fields:
FieldTypeDescription
messagestringOverrides the trigger’s default message
payloadobjectArbitrary data passed as context
{
  "message": "Analyze the latest deployment logs",
  "payload": {
    "environment": "production",
    "commit": "abc123"
  }
}
If you omit message, the trigger’s default message (configured in the UI) is used instead.

Authentication

Every request must include an HMAC-SHA256 signature in the X-Piper-Signature header. The signature is computed over the raw request body using your webhook secret. Header format: 
X-Piper-Signature: sha256=<hex_digest>
How to compute the signature:
  1. Take the exact bytes of the request body
  2. Compute HMAC-SHA256(webhook_secret, body)
  3. Hex-encode the result
  4. Prefix with sha256=
Requests with missing or invalid signatures are rejected with a 401 response.

Code Examples

WEBHOOK_URL="https://api.example.com/v1/webhooks/triggers/YOUR_TRIGGER_ID"
WEBHOOK_SECRET="your_webhook_secret"
BODY='{"message": "Hello from webhook"}'

SIGNATURE=$(echo -n "$BODY" | openssl dgst -sha256 -hmac "$WEBHOOK_SECRET" | sed 's/.*= //')

curl -X POST "$WEBHOOK_URL" \
  -H "Content-Type: application/json" \
  -H "X-Piper-Signature: sha256=$SIGNATURE" \
  -d "$BODY"

Rate Limiting

Webhook endpoints are rate-limited to 60 requests per minute per IP address. This is configurable via the RATE_LIMIT_WEBHOOK environment variable in self-hosted deployments.

Error Responses

StatusMeaning
202 AcceptedWebhook received and queued for processing
400 Bad RequestInvalid JSON payload
401 UnauthorizedMissing or invalid X-Piper-Signature
404 Not FoundTrigger ID does not exist
409 ConflictTrigger is inactive
429 Too Many RequestsRate limit exceeded

Trigger Runs

Every webhook invocation creates a trigger run that you can view in the trigger’s history. Each run shows:
  • Status: pending, running, success, or error
  • Duration: How long the agent took to respond
  • Session link: Navigate directly to the agent’s conversation