Sources.

A source is the address an event arrives at — plus how we know to trust it. Every org gets an SDK source and a webhook source for free at bootstrap. Third-party integrations are opt-in per source.

What's built in

Four flavors.

• sdk.eventTypeScript SDKbearer key[ready]
• webhook.inHTTP webhookHMAC or bearer[ready]
• agentAI agentbearer token[ready]
• githubGitHubsigned webhook[ready]
• emailInbound emailgenerated addr[ready]
• sdk.pyPython SDKbearer key[soon]
• stripeStripesigned webhook[soon]

The dashboard's /sources lists everything connected for your org. SDK and Webhook rows are created automatically when the org is provisioned; the rest you connect at /sources/new.

The SDK source

One bearer key for the org.

Calls to the TypeScript or Python SDK use a bearer key you mint at /keys. The proxy looks the key up, attaches the org's default sdk.event source to every event in the batch, and the rest of the pipeline knows where the event came from.

Webhook sources

A URL is the source.

Each webhook source has a unique inbound URL of the form https://in.ingestlayer.com/whk/<token>. Auth is per-source: signed (HMAC, default) or bearer. The request body becomes the event payload; the body's type field (if any) becomes the event type, otherwise we stamp a generic <source-kind>.received.

Full reference at webhook ingress.

Status

connected · ready · paused · error

A source's status is independent of any pipeline. Pausing a source stops ingest for it without touching the pipelines that match against it; flipping back to connected resumes immediately. Errors (auth misconfig, expired tokens) show up here before they affect downstream deliveries.