Webhooks
Webhooks are a lightweight alternative to bots for one-way integrations — posting messages into a channel from an external service. No bot account, no WebSocket connection, no persistent process required.
When to Use a Webhook vs a Bot
| Webhook | Bot | |
|---|---|---|
| Post messages | ✅ | ✅ |
| Respond to messages / commands | ❌ | ✅ |
| Receive real-time events | ❌ | ✅ |
| Requires authentication | URL token only | Bot token + header |
| Setup complexity | Minimal | Moderate |
Use a webhook when you only need to push notifications in one direction. Use a bot when you need to read messages, respond to commands, or react to events.
Executing a Webhook
POST https://app.fluffwire.com/api/webhooks/{webhookId}/{token}
Content-Type: application/jsonNo Authorization header is needed — the token in the URL authenticates the request.
Body:
| Field | Type | Required | Description |
|---|---|---|---|
content | string | Yes | Message text (Markdown supported). |
Response: 200 OK — the created message object.
Rate limit: 5 requests per 5 seconds.
Example:
curl -X POST "https://app.fluffwire.com/api/webhooks/abc123/xyz456" \
-H "Content-Type: application/json" \
-d '{"content": "Deployment to production complete ✅"}'await fetch(`https://app.fluffwire.com/api/webhooks/${webhookId}/${token}`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ content: 'Hello from my integration!' }),
})Webhook Object
When a webhook is created via the Fluffwire UI, the owner receives a webhook object:
{
"id": "...",
"serverId": "...",
"channelId": "...",
"name": "My Webhook",
"token": "...",
"avatar": null,
"createdBy": "...",
"createdAt": "2025-01-01T00:00:00Z"
}The webhook URL is constructed as:
https://app.fluffwire.com/api/webhooks/{id}/{token}How Messages Appear
Messages sent via webhook appear in the channel under the webhook's configured name, with a BOT badge. The webhookId field on the message object identifies the source.
Security
- Keep the token secret — it is the only credential protecting the webhook
- If a token is compromised, delete the webhook and create a new one
- Webhook URLs cannot be regenerated; deletion is the only revocation mechanism