Skip to main content
The Colossal app emits events when things happen in your project: orders placed, products published, payments processed. These events trigger agents and are available through the HTTP request action for forwarding to external systems. Cart and checkout events live in Storefront triggers. Each event follows a consistent envelope format:
event
object

Common Types

These types are reused across multiple event payloads.
Customer
object
LineItem
object

ORDER_CREATED

Cart converted into an order during checkout, before payment.
payload
object

ORDER_CONFIRMED

Payment processed successfully, before fulfillment.
payload
object

ORDER_COMPLETED

Order fully complete. Payment processed and fulfillment finished.
payload
object

ORDER_CANCELLED

Order cancelled.
payload
object

ORDER_REFUNDED

Order refunded.
payload
object

CUSTOMER_CREATED

New customer account created.
payload
object

CUSTOMER_UPDATED

Customer details updated.
payload
object

INVOICE_CREATED

New invoice created.
payload
object

INVOICE_PAID

Invoice paid.
payload
object

PAYMENT_SUCCEEDED

Payment completed successfully.
payload
object

PAYMENT_FAILED

Payment failed.
payload
object

PRODUCT_CREATED

New product created.
payload
object

PRODUCT_UPDATED

Product details modified.
payload
object

PRODUCT_PUBLISHED

Product made visible in the storefront.
payload
object

PRODUCT_DRAFT_DISCARDED

Product draft discarded.
payload
object

PRODUCT_ARCHIVED

Product archived.
payload
object

PRODUCT_UNARCHIVED

Product restored from archive.
payload
object

PRODUCT_VARIANT_CREATED

New variant added to a product.
payload
object

PRODUCT_VARIANT_UPDATED

Variant details changed.
payload
object

PRODUCT_VARIANT_DELETED

Variant removed from a product.
payload
object

PRODUCT_PRICE_CREATED

Price tier added to a variant.
payload
object

PRODUCT_PRICE_UPDATED

Price tier changed.
payload
object

PRODUCT_PRICE_DELETED

Price tier removed.
payload
object

PRODUCT_MEDIA_ADDED

Media files attached to a variant.
payload
object

PRODUCT_MEDIA_REMOVED

Media files removed from a variant.
payload
object

PRODUCT_DELIVERABLE_CREATED

New deliverable created.
payload
object

PRODUCT_DELIVERABLE_UPDATED

Deliverable details changed.
payload
object

PRODUCT_DELIVERABLE_ARCHIVED

Deliverable archived.
payload
object

PRODUCT_VARIANT_DELIVERABLE_ADDED

Deliverable attached to a variant.
payload
object

PRODUCT_VARIANT_DELIVERABLE_REMOVED

Deliverable removed from a variant.
payload
object

NOTIFICATION_POSTED

A notification is posted to the workspace inbox. Filter with choice steps on notification_type, category, or severity; per-type fields live under notification_payload.
payload
object

Webhook Security

Agent webhook actions support custom headers, so you can include a secret key to verify that incoming requests are from Colossal. When configuring a webhook action in your agent, add an authorization header with a secret value: 
{
  "headers": {
    "X-Webhook-Secret": "your-secret-key"
  }
}
Then verify it on your server: 
app.post('/webhooks/colossal', (req, res) => {
  const secret = req.headers['x-webhook-secret'];

  if (secret !== process.env.WEBHOOK_SECRET) {
    return res.status(401).send('Unauthorized');
  }

  // Process webhook
  res.status(200).send('OK');
});

Best Practices

  1. Use a secret header - Add a shared secret to your webhook headers to verify requests
  2. Handle duplicate events - Use correlation_id for idempotency
  3. Return 200 quickly - Process events asynchronously
  4. Handle retries - We retry failed webhooks up to 3 times
  5. Monitor webhook endpoints - Ensure high availability