REST API
Webhooks
Publish notifier — POST to your URL whenever workspace content changes.
Each workspace has a single configurable webhook URL. Whenever content changes (post publish/unpublish, navigation save, workspace config edit), Brandfine fires a POST to that URL so consumer sites can invalidate caches.
Configuration
- CMS → Workspace → Settings → Publish notifier.
- URL format:
https://your-site.example/api/brandfine-webhook?secret=<long-random-string> - The
secretquery param is shared with Brandfine. The consumer's webhook handler verifies it with constant-time comparison.
Payload
POST /your-webhook-url?secret=<your-secret>
Content-Type: application/json
User-Agent: Brandfine-Notifier/1
{
"event": "post.published",
"workspaceId": "ws_2N4r",
"postId": "p_2N4r",
"slug": "schengen-visa",
"title": "Schengen Visa",
"publishedAt": "2026-03-12T08:00:00.000Z",
"at": "2026-03-12T08:00:01.123Z"
}Event types
| Event | Fired when |
|---|---|
post.published | A post is published (either first-time or unarchive). |
post.unpublished | A post is unpublished or deleted. |
navigation.created | A new navigation is created. |
navigation.updated | A navigation's metadata (name, key) changes. |
navigation.deleted | A navigation is removed. |
navigation.items.replaced | A navigation's item tree is saved. |
Future event names are added without versioning the payload —
consumers should accept unknown event strings (the SDK's
BrandfineWebhookEvent type uses string with the known
union for autocomplete).
Response semantics
| HTTP code | Brandfine retries? |
|---|---|
200 | No — delivered. |
400 | No — bad body (consumer's fault). |
401 | No — secret mismatch. |
429 | Yes (with backoff). |
5xx | Yes (with backoff, up to ~6 attempts). |
SDK
import { createBrandfineWebhookHandler } from '@brandfine/client/webhook'
export const POST = createBrandfineWebhookHandler({
secret: process.env.BRANDFINE_WEBHOOK_SECRET!,
onEvent: ({ event, key }) => {
postsCache.invalidate()
if (event.startsWith('navigation.'))
navigationsCache.invalidate(key ?? undefined)
},
})The handler verifies the secret, parses the body, calls your
onEvent, and returns the right HTTP code automatically. See
SDK → Webhooks.