// the find
svix/svix-webhooks
The open source and enterprise-ready webhooks service 🦀
Svix is a self-hostable webhook delivery service — you point it at Postgres and optionally Redis, make one API call to send an event, and it handles retries, signing, and delivery tracking. It's aimed at SaaS developers who want to offer webhooks to their own customers without building the whole pipeline from scratch. The server is Rust, client SDKs cover every mainstream language.
The signature scheme is done right: symmetric HMAC by default with ed25519 as an opt-in, timestamp included in the signed payload to prevent replay attacks, and the verification logic ships in every official SDK so consumers don't have to figure it out themselves. The bridge component is a genuinely useful addition — it lets you consume from Kafka, RabbitMQ, SQS, or GCP Pub/Sub and forward to Svix without any custom glue code. OpenTelemetry support is built in, not bolted on after the fact. The dead letter queue handling for Redis is explicit and monitorable via a metric rather than silently dropping tasks.
The hosted service and the open-source server are explicitly not at feature parity, and the README is vague about what's actually missing — you only find out when something doesn't work. Redis is listed as optional but without it you lose the task queue, which means retry scheduling falls back to Postgres-only polling; the performance characteristics of that path aren't documented. Java async support is listed as 'planned' with no timeline, which is a problem if you're on a reactive stack. The JWT auth model — a single static secret that signs all tokens for an org — means there's no key rotation story short of bouncing every client integration at once.