Skip to main content
Forward LangSmith-detected agent issues into your incident-management, paging, or chat tools. LangSmith Engine sends a webhook event to your endpoint when it opens a new issue, or when it links a new trace to an issue it has already opened. To configure webhook subscriptions, open the Engine Settings panel on the Engine tab of a tracing project. See Configure LangSmith Engine.
A destination delivers to either a webhook URL or a Slack channel. Both use the same event types and minimum-priority filtering described on this page. Slack destinations post through LangSmith’s managed Slack app instead of sending the JSON payload below, so the signing secret and custom headers do not apply.To set up Slack delivery, see Notify a Slack channel. The rest of this page documents webhook URL destinations.

Delivery

LangSmith sends a POST request with a JSON body to your webhook URL. The request uses Content-Type: application/json and includes any custom headers you attached to the subscription.
Retries deliver a byte-identical payload, including the same id. Dedupe on id so a retried delivery does not produce a duplicate downstream effect.

Custom headers

You can attach arbitrary headers to each subscription (for example, Authorization: Bearer …) to authenticate the caller at your endpoint. Content-Type is always set by LangSmith and cannot be overridden.

Signing secret

Each subscription has a signing secret. LangSmith uses this secret to sign the raw webhook request body and sends the result in the X-LangSmith-Signature header. The header value has this format:
Verify the signature before parsing or acting on the payload. The HMAC input is the exact raw request body bytes, and the HMAC key is the subscription’s signing secret. Do not parse and reserialize the JSON body before verification.

Roll a signing secret

Roll a signing secret when it may have been exposed, or when your organization’s credential rotation policy requires a new secret. To roll a secret, open the subscription row in Engine Settings, click Roll signing secret, and confirm. LangSmith generates a new signing secret and uses it for future webhook deliveries immediately. The previous secret stops signing deliveries as soon as the roll completes. After rolling the secret, update every consumer that verifies X-LangSmith-Signature with the new value.

Severity filtering

Each subscription has a severity_threshold from 0 to 3. For issue events, an event is delivered only when the issue’s severity is less than or equal to the threshold. Lower numbers are more urgent. For example, a subscription with severity_threshold: 1 receives events for URGENT (0) and HIGH (1) issues only. Severity thresholds do not apply to issue.agent_run.failed, because run-failure events are scoped to an Engine session rather than to a specific issue.

Event-type filtering

Each subscription specifies the event types it wants to receive. Subscriptions created without an explicit list default to ["issue.created"].

Event envelope

Every event delivered to your endpoint uses the same outer JSON shape.

Issue data.object

For issue.created and issue.trace.added, data.object is a snapshot of the issue. Treat it as the authoritative state of the issue at the time the event was generated.

Run failure data.object

For issue.agent_run.failed, data.object describes the Engine run that failed.

data.trace

data.trace is included only on issue.trace.added events.

Batch coalescing

A single upstream action can produce multiple webhook events. When Engine opens a new issue and attaches five traces to it, you receive one issue.created event and five issue.trace.added events, all sharing the same request_id. Use request_id to group these into a single downstream notification.

Event types

The event types below are the complete set LangSmith Engine sends today. New types may be added in the future, so handlers should ignore unknown type values rather than failing.

issue.created

Sent when LangSmith Engine creates a new issue. data.trace is omitted.

issue.trace.added

Sent when a new trace is linked to an existing issue. data.trace describes the linked trace.

issue.agent_run.failed

Sent when LangSmith Engine fails to complete a run. This event is session-scoped, so it does not include data.trace and does not use severity filtering.

Test your endpoint

Before pointing a real subscription at your endpoint, send a sample payload to verify it accepts and acknowledges within the 20-second timeout:
Use the example body from issue.created as sample-issue-created.json. Verify that:
  • The custom Authorization header arrives and matches the secret you configured on the subscription.
  • The handler persists the event keyed by its id so retries are deduped.
  • The handler returns 2xx before kicking off slow downstream work.

Security

  • Webhook URLs are validated when the subscription is created and again at delivery time. Private and metadata IP ranges are blocked in SaaS. Both http:// and https:// are accepted; use https:// so the payload and any custom headers are not sent in cleartext.
  • LangSmith signs webhook bodies with the subscription’s signing secret. Verify X-LangSmith-Signature before processing the payload.
  • You can also set custom headers on the subscription, such as Authorization: Bearer …, for routing or additional authentication at your endpoint.
  • Dedupe on the event id so that a retried delivery does not cause a duplicate notification.

Best practices

  • Acknowledge fast. Respond with 2xx as soon as you have persisted the event. Move slow work (fan-out, paging, downstream API calls) onto a queue so your handler stays within the 20-second timeout.
  • Tolerate unknown event types. Ignore type values your handler does not recognize. New event types may be added without notice.
  • Tolerate new fields. Parse payloads with a permissive schema. New fields may be added to existing event types without notice.