Fire a trigger

POST /sop/triggers/:process_name

Starts a new process instance via an inbound webhook trigger. No bearer token required — auth is HMAC-based. The raw request body is signed by the third party using the shared secret declared in the process definition.

IMPORTANT —

No bearer token. Auth is HMAC — the third party signs the raw request body using the shared secret declared at process.trigger.auth.secret_env. See Authentication.

Path parameters

process_name string REQUIRED: The process name. The process must declare trigger.type: webhook.

Response

201 application/json — New instance object.

Errors

401 invalid_signature HMAC signature did not match.

500 trigger_misconfigured Engine env var for HMAC secret is unset.

404 not_found No process with that name.

curl https://api.opensop.dev/sop/triggers/customer-onboarding \
  -X POST \
  -H "Content-Type: application/json" \
  -H "X-Hub-Signature-256: sha256=<hmac>" \
  -d '{"data":{"company":"Acme Corp","country":"US"}}'

// Sign the body with your shared secret first
await fetch(
  "https://api.opensop.dev/sop/triggers/customer-onboarding",
  {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "X-Hub-Signature-256": sig
    },
    body: payload
  }
);

requests.post(
  "https://api.opensop.dev/sop/triggers/customer-onboarding",
  data=body,
  headers={
    "Content-Type": "application/json",
    "X-Hub-Signature-256": sig
  }
)

req = Net::HTTP::Post.new("/sop/triggers/customer-onboarding")
req["X-Hub-Signature-256"] = sig
req["Content-Type"]        = "application/json"
req.body = payload
Net::HTTP.start("api.opensop.dev", use_ssl: true) { |h| h.request(req) }

RESPONSE 201

{
  "id":      "01HXYZ_ACME_002",
  "process": "customer-onboarding",
  "state":   "running"
}