Docs / Vendor onboarding
Connect GitHub webhooks to Relin
Relin receives GitHub webhooks, verifies signatures, stores payloads, and delivers them to your endpoints with retries, alerts, and replay.
Before you start
- Create a Relin workspace and sign in.
- Have admin access to the GitHub account where you'll configure the webhook.
- Decide which events you want to capture, or start with "all events" if you're exploring.
Setup steps
- In Relin, open your workspace and click New source. Pick the GitHub tile.
- Copy the ingest URL Relin shows. This URL is shown once, so store it.
- Create a webhook for the repository or organization.
- Send webhook events to the Relin source URL.
- Use the same secret here and in GitHub.
- Save and send a test event from GitHub. Confirm Relin received it in your workspace.
Webhook secret: Use the same secret value you enter for the GitHub webhook.
What Relin does next
- Verifies the signature on every incoming event and records the status (verified, failed, unchecked).
- Stores the payload so you can replay or inspect it later, bounded by your workspace retention window.
- Delivers the event to every destination you've connected to this source, with retries and per-destination rate limits.
- Surfaces lifecycle gaps (for vendors with known lifecycles) as anomalies you can triage from the dashboard.
Test it
The fastest check is the events view in your workspace. After you send a test event from GitHub, it appears within a second or two. Click into the event to see the raw payload, signature status, and the delivery attempts to your destinations.
You can also use the REST API or the MCP tools to inspect the stream programmatically.
GitHub-specific notes
- Use webhook signing secret v2 (X-Hub-Signature-256). The older v1 signature is no longer secure. Relin verifies v2 by default.
- For organization-level webhooks, scope the events to the repos you actually care about. Relin will receive everything you subscribe to and keep the full audit trail whether you filter on Relin's side or not.
Troubleshooting
- Signature status is failed: the webhook secret doesn't match. Re-copy it from GitHub and update the Relin source.
- Signature status is unchecked: no signing secret is configured on the source yet. Paste the secret on the source settings page.
- No events arriving: check that the ingest URL in GitHub matches the URL Relin shows, including the token segment at the end.
- Events arrive but destinations fail: open the delivery attempts tab on the event detail page. Each attempt shows the response body, status, and timing.
Next
- Add a destination so Relin can forward events to your app.
- Configure retry policy for resilient delivery.
- Set up alerts on failed deliveries or missing events.