Webhooks
Trigger the Bankr agent from any external event.
Bankr Webhooks let you deploy a TypeScript handler that receives incoming HTTP requests (Slack, GitHub, Stripe, Zapier, your own app) and returns a prompt for the Bankr agent to run on your behalf. Each handler runs in its own isolated serverless environment with your encrypted env vars injected.
Manage your webhooks at bankr.bot/webhooks — view invocations, configure permissions, and rotate secrets.
Why Webhooks?
| Feature | Benefit |
|---|---|
| Plain handler contract | Write a function that returns { prompt }. No SDKs to learn. |
| Deploy in seconds | bankr webhooks deploy bundles and ships your code instantly. |
| Isolated execution | Each webhook runs in its own sandbox. Your secrets and code never touch other users' code. |
| Encrypted env vars | Signing secrets and API keys are stored encrypted and injected as process.env. |
| Scoped agent permissions | Default readOnly=true means handlers can only trigger read tools. Opt in to writes. |
| Transfer allowlist | Even when writes are enabled, transfers can only go to addresses you pre-approved. |
| Provider scaffolds | --provider slack|github|stripe scaffolds a signature-verified handler. |
| Live invocation logs | Every request shows up in the dashboard with status, duration, and errors. |
How It Works
External service Your webhook Bankr agent
│ │ │
│ POST /u/<wallet>/<name> │ │
│────────────────────────────► │ │
│ │ Your handler runs │
│ │ Verifies signature │
│ │ Returns { prompt, threadId? } │
│ │ │
│ │────────────────────────────► │
│ │ │ Agent runs with
│ │ │ your permissions
│ │ │ (readOnly, recipients)
│ 202 Accepted (async) │ │
│◄──────────────────────────── │ │
- You write a handler that verifies the upstream signature and returns a prompt for the agent.
- You deploy it with
bankr webhooks deploy. You get back a public URL:https://webhooks.bankr.bot/u/<wallet>/<name>. - External services POST to that URL. Your handler runs, returns a prompt.
- Bankr's agent executes the prompt under the permissions you configured for this webhook — separate from your main API key's permissions.
- You see the invocation in the dashboard with logs, status, and duration.
Typical Use Cases
- Slack bot — a Slack Event subscription POSTs to your webhook. Your handler verifies the signing secret and returns a prompt like "reply in thread
<ts>with today's portfolio". The agent posts via a Slack skill. - GitHub release automation — a
releaseevent triggers the agent to post a summary to a channel and, if configured, award team members a token transfer from your wallet. - Stripe payment success — a
charge.succeededevent triggers the agent to buy a pre-configured amount of ETH with the incoming USD value. - Cron / Zapier — any HTTP call can turn into an agent action. Good for "every morning at 9am, summarize my positions and post to Discord".
Pricing
Webhooks are included with your Bankr account. Handler execution, delivery, logging, and storage are all free today — you only pay for the on-chain operations the agent performs on your behalf (swap gas, transfer gas, etc.), just like any other Bankr session.
Safety by Default
Every new webhook starts with:
readOnly: true— the agent can read data but cannot sign or submit transactions.- Empty
allowedRecipients— if you later flipreadOnlyoff, you must first add recipient addresses. - A rate limit of 10 requests per minute and 1,000 per day.
- 10 KB max payload size.
Read Security for the full permission model before enabling writes.