You can setup multiple webhooks for your organization that subscribe to events.

If you are interested in platform webhook events. Check the docs here.

Organization Events


Triggered when the federated graph schema has been updated.

  • federated_graph: An object representing the federated graph details.

    • id: The unique identifier for the federated graph.

    • name: The name of the federated graph.

    • namespace: The namespace of the federated graph

  • errors: A boolean value indicating whether there were errors during the update.

  • actor_id (optional): The identifier of the actor updating the schema.

Sample Payload:

  "version": 1,
  "payload": {
    "federated_graph": {
      "id": "graph123",
      "name": "MainGraph",
      "namespace": "default"
    "errors": false,
    "actor_id": "user5678"


To ensure the webhook data is coming from a trusted source and hasn't been tampered with during transit, we employ HMAC signatures. When setting up a webhook, you provide a secret. This secret is used to compute a signature that is sent along with each webhook request.

The header containing this signature is X-Cosmo-Signature-256.

Verification Example

To verify the webhook request, you need to compute the HMAC signature on your server and compare it to the signature in the X-Cosmo-Signature-256 header.

Here's an example in Node.js:

import crypto from 'crypto';

function verifySignature(body, receivedSignature, secret) {
  const computedSignature = crypto
    .createHmac('sha256', secret)

  return computedSignature === receivedSignature;

// Usage:
const isVerified = verifySignature(JSON.stringify(req.body), req.headers['x-cosmo-signature-256'], YOUR_SECRET);

How to set up Webhook notifications

  • Navigate to the notifications page on Cosmo

  • In the Webhooks tab, click on the Create button.

  • Provide the endpoint of the webhook, and the webhook secret for verification and then select the events you want to be notified of.

  • Lastly, click on the Create button.

Last updated