Fire on the events you pick
Subscribe a webhook to row created, updated, deleted, or a bulk update — or all of them. A bulk operation collapses into one event per sheet, not one POST per row, so a big edit doesn't flood your endpoint.
Signed so you can trust it
Each payload is HMAC-SHA256 signed with a per-webhook secret and sent in an X-Wisegrid-Signature header — the same pattern Stripe uses. Verify the signature on your side and you know it really came from Wisegrid.
A delivery log per webhook
Open any connection to see its recent deliveries: the event, an ok/fail pill, the HTTP status, the error if there was one, and when it happened. The classic "did my webhook actually deliver?" question, answered — no secrets or URLs exposed in the log.
Hardened against SSRF
Private, loopback and link-local addresses are blocked, HTTPS is required, and redirects are disabled — both when you save the URL and again on the resolved IP at send time, so a DNS-rebind trick can't point a webhook at your internal network.
Self-healing on dead endpoints
Consecutive failures are counted, and after a sustained run of them the webhook auto-disables so a dead receiver stops getting hammered on every row change. Fix it, re-enable it, and the counter resets on the first success.
Quiet during imports
A bulk Smartsheet import doesn't fan out thousands of webhook POSTs — import-sourced events are skipped. Your integrations see real, interactive changes, not migration noise.
Native connectors are on the way
Slack and Teams connectors aren't built yet — they're on the roadmap with a "notify me" toggle, and your interest pushes the order. Until then, webhooks reach any of them through a couple of lines of glue.