Skip to main content

Dashboard

Manage your webhooks at bankr.bot/webhooks.

Overview

The dashboard shows:

  • Webhook list — every webhook with status, mode, version, and recent invocation count
  • Slide-out detail panel — stats, settings, env vars, and live invocation logs per webhook
  • Encrypted env vars — add and remove shared secrets for your handlers

Webhook Detail Panel

Click any webhook to open the slide-out panel. It has four tabs:

Overview

  • Status, mode, version, total invocations, last invoked timestamp
  • 30-day stats — invocations, success rate, p50 and p95 handler duration
  • Your webhook URL — copy-paste ready
  • Deploy hint — the CLI command to redeploy this webhook

Logs

Live feed of recent invocations (polls every 10 seconds):

200  POST  145ms  2s ago
200  POST  89ms   15s ago
401  POST  12ms   1m ago    invalid signature
503  POST  31000ms 5m ago   handler timeout

Click any row to expand:

  • Payload preview — the raw body received (truncated to 2 KB)
  • Handler console output — anything your handler logged via console.log
  • Error details — if the handler threw, the message and stack trace
  • Job ID — the Bankr agent job that ran from this invocation (if the handler returned a prompt)

Logs are retained for 90 days.

caution

Do not log sensitive information (signing secrets, API keys, user PII) via console.log. Console output is stored in the invocation log and visible in the dashboard.

Settings

All per-webhook permissions can be updated here without redeploying:

  • Description — text shown in lists and headers
  • Read-only — toggle write access. Flipping to writes requires non-empty allowedRecipients.
  • Allowed recipients (EVM) — comma-separated EVM addresses the agent may send to
  • Allowed recipients (Solana) — comma-separated Solana addresses
  • Rate limit (per minute, per day) — numeric caps
  • Max payload bytes — request size cap

Click Save — changes take effect on the next invocation. No redeploy needed.

Delete — at the bottom, a dangerous-action button permanently removes the webhook. Cannot be undone.

Env vars

Shared encrypted env vars for all your webhook handlers. Injected as process.env.KEY.

  • Add — enter a KEY (auto-uppercased) and VALUE. Submitted over HTTPS and written to encrypted storage immediately.
  • Remove — click "Remove" next to any variable. Takes effect on the next invocation.

Only key names are shown — values are never displayed or transmitted back to the browser. See Security for the full env var isolation model.

Settings at a Glance

The quickest way to understand what a webhook can do:

IndicatorMeaning
Green active statusWebhook is serving requests.
Yellow paused statusReturns 404 to callers until resumed.
read-only badgeAgent cannot execute write tools for this webhook.
writes badgeAgent can write — but only to allowedRecipients.

Flipping read-only off on a webhook with no allowedRecipients is blocked in the UI.