How do I know a webhook really came from my sender?

Set the source to HMAC or bearer auth. In HMAC mode ingestlayer recomputes HMAC-SHA256 over the raw body and compares it to the X-Ingest-Signature header in constant time, rejecting anything that doesn't match before the event enters the pipeline.

What stops a retry from being processed twice?

Send an X-Ingest-Idempotency-Key header. Ingest is deduplicated on it, so a sender that retries on a timeout still produces exactly one event.

Can I reshape the payload before it lands?

Yes — the body arrives as-is, then the transform action maps it to whatever shape your destination expects, so a third party's field names never leak into your Slack message or your Postgres columns.

ingestlayer/recipes/v0.4

HTTP webhook → Notion

Any service that can send an HTTP request becomes a source. ingestlayer generates an ingest URL — https://in.ingestlayer.com/whk/<token> — and every POST to it becomes one event.

01source

sourcewebhook.inHTTP webhook

matchorder.created

02pipeline · 3 steps

01MUTtransformreshape the body to your schema
02CTLdedupedrop replays by id
03CTLfilter.matchroute only what matches

03destinations · 1

tonotion.dbNotion
databaseSignups

how events arrive

01
create the endpoint
Add an HTTP webhook source. ingestlayer generates a unique URL of the form https://in.ingestlayer.com/whk/<token> that accepts any HTTP POST.
02
choose auth
HMAC signing (the default) or a bearer token. In signed mode the sender includes an X-Ingest-Signature header — the hex HMAC-SHA256 of the raw body — which ingestlayer recomputes and compares in constant time, rejecting anything that doesn't match. An unauthenticated mode exists for local testing.
03
send your events
POST JSON to the URL. The body becomes the event payload; if it carries a string `type` that becomes the event type, otherwise ingestlayer stamps webhook.in.received. Rename or reshape fields with the transform action downstream.

from http webhookdelivered

POST /whk/wh_3f8a HTTP/1.1
Host: in.ingestlayer.com
Content-Type: application/json
X-Ingest-Signature: 9f86d081884c…

{
  "type":     "order.created",
  "order_id": "ord_18f2",
  "amount":   4200,
  "currency": "eur",
  "email":    "ada@acme.com"
}

route it to Notion

Append events as rows to a Notion database, or content to a page. Connect once with OAuth, pick the target per pipeline.

01
connect your workspace
Authorize the ingestlayer Notion integration over OAuth from the destinations page, then choose which databases and pages it may touch. We hold only that workspace's access token, in-region, in the same KMS as your other credentials.
02
pick a target
Per pipeline, choose a database to append a typed row to, or a page to append content to. The picker lists exactly what you shared with the integration during authorization — nothing else.
03
map the columns
For a database, match event fields to Notion properties — automatically by column name, or per-column with $event.* templates. The title column falls back to the event name, so a row is never blank. For a page, the rendered body is appended as blocks.

in notiondelivered

┌─ Signups · database ───────────────────┐
│  Name        ada@acme.com               │
│  Plan        ● pro                       │
│  Source      marketing-site             │
│  Signed up   2026-06-03                  │
└─────────────────────────────────────────┘

notes

Notion grants access page by page: the integration only sees databases and pages you explicitly share during authorization. Add the target there, or the delivery dead-letters as object_not_found.
Each column is coerced to its Notion type — number, date, select, checkbox, URL, and so on. Properties an integration can't write (people, relations, files, formulas, rollups) are skipped rather than guessed.
Title and rich-text values cap at 2000 characters per block and are chunked beyond that; a single page append tops out at 100 blocks.
Tokens don't expire, but revoking the integration inside Notion flips the destination to an error state — reconnect from the destinations page to resume delivery.

questions

How do I know a webhook really came from my sender?: Set the source to HMAC or bearer auth. In HMAC mode ingestlayer recomputes HMAC-SHA256 over the raw body and compares it to the X-Ingest-Signature header in constant time, rejecting anything that doesn't match before the event enters the pipeline.
What stops a retry from being processed twice?: Send an X-Ingest-Idempotency-Key header. Ingest is deduplicated on it, so a sender that retries on a timeout still produces exactly one event.
Can I reshape the payload before it lands?: Yes — the body arrives as-is, then the transform action maps it to whatever shape your destination expects, so a third party's field names never leak into your Slack message or your Postgres columns.

build this pipeline or read the quickstart →