Product Updates

Workspace Webhooks: Isolated event delivery for every customer in your platform

If you're running a multi-tenant SaaS on Firma.dev, you've probably hit this wall before. One company-level webhook receives events for every signing request across every workspace, and your backend has to fan them out to the right customer. Works fine when you control both sides. Falls apart the moment your customers want their own webhook endpoints pointed at their own systems.

Workspace Webhooks fix that. Every workspace can now define its own webhook endpoints with independent signing secrets, fully separate from company-level webhooks. This is the piece that makes Firma.dev's multi-tenant model actually work end to end.

The multi-tenant problem this solves

Customer Workspaces have always given you partitioned spaces for each customer on your platform. Each workspace has its own templates, its own envelope usage, its own API key. Clean separation. But until now, webhook delivery was the exception. Every event routed through a single company-level webhook, which meant your platform was always the middleman for notifications.

That's fine for some architectures. It's a dealbreaker for others. Take a platform that lets its customers connect their own CRMs, ERPs, or ticketing systems. Each customer wants signing events pushed directly into their own stack. Or consider a reseller giving end clients real isolation across their integrations. Or a dev team that wants staging workspaces firing events at a test endpoint while production fires at the real one.

In all of those cases, the webhook has to live at the workspace level or the whole model leaks.

What's available per workspace

Each workspace now gets the full webhook toolkit, scoped to itself:

  • Full CRUD on webhook endpoints

  • Its own signing secret, with a 7-day rotation grace period when you regenerate

  • Test delivery, so you can verify setup without triggering real events

  • A per-workspace event log

  • An "Ignore Company Webhooks" toggle if you want workspace webhooks to replace company-level delivery entirely rather than run alongside it

That last toggle matters more than it looks. Some teams want both company and workspace webhooks firing, because their platform still needs a global view of events while customers get their own feeds. Other teams want clean isolation where workspace webhooks are the only source of truth. You get to pick per workspace.

Security: SSRF protection on all webhook URLs

One thing worth flagging for developers evaluating this. All webhook URL validation now includes SSRF protection, which blocks private IP ranges, cloud metadata endpoints, and DNS rebinding attempts. When you're letting your customers configure their own webhook endpoints inside workspaces they control, this isn't optional. A customer could accidentally (or deliberately) point a webhook at 169.254.169.254 or an internal IP, and without SSRF protection you'd be proxying requests from Firma's infrastructure into places nobody should reach.

This is handled at the platform layer, so you don't need to build defenses yourself.
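
For teams that run their own outbound webhooks and want to see what such a check involves, here is a minimal sketch of the three controls named above. It is an added example, not Firma's implementation: `validate_webhook_url`, `is_public`, `accepted` and `RebindingResolver` are hypothetical names, the HTTPS-only policy is an assumption, and the resolver is injected so the sample runs offline with constructed DNS answers.

```python
import ipaddress
from urllib.parse import urlsplit

def is_public(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the IPv4 address it wraps.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # is_global is False for RFC 1918, loopback, link-local (169.254.0.0/16), CGNAT.
    return addr.is_global and not addr.is_multicast

def validate_webhook_url(url: str, resolve):
    """Return (host, pinned_ip, port) or raise ValueError.

    resolve(host) -> list of IP strings. It is injected so the example runs
    offline; a real service would wrap socket.getaddrinfo here.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":  # assumed policy: HTTPS only
        raise ValueError("scheme not allowed")
    if parts.username or parts.password or not parts.hostname:
        raise ValueError("malformed or credentialed URL")
    host = parts.hostname
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal in the URL
    except ValueError:
        addrs = list(resolve(host))                # hostname: resolve once
    if not addrs:
        raise ValueError("host does not resolve")
    # Every answer must be public, otherwise a mixed record set slips through.
    for a in addrs:
        if not is_public(a):
            raise ValueError(f"{host} -> {a} is not a public address")
    # The caller connects to pinned_ip (sending host for SNI and Host header)
    # instead of resolving again, which is what defeats DNS rebinding.
    return host, addrs[0], parts.port or 443

def accepted(url: str, resolve) -> bool:
    try:
        validate_webhook_url(url, resolve)
        return True
    except ValueError:
        return False

class RebindingResolver:
    """Constructed sample: public answer first, metadata address afterwards."""
    def __init__(self):
        self.calls = 0
    def __call__(self, host):
        self.calls += 1
        return ["93.184.216.34"] if self.calls == 1 else ["169.254.169.254"]
```

The check only holds if delivery connects to the returned `pinned_ip`; validating the hostname and then letting the HTTP client resolve it again reopens the rebinding window that `RebindingResolver` simulates.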

API surface

A few additions on the API side:

  • workspace_id parameter on POST /webhooks and GET /webhooks so you can scope webhook operations to a specific workspace

  • New endpoints for managing workspace webhook secrets: POST /workspaces/{id}/webhooks/rotate-secret and GET /workspaces/{id}/webhooks/secret-status

  • Five new fields on the workspace GET response covering webhook configuration state

Full details are in the API changelog for v1.15.0.

When to use workspace webhooks vs company webhooks

Quick mental model:

Company webhooks are for your platform. Anything your core application needs to know about, across every customer, should flow through company-level delivery. Billing events, compliance logging, analytics, internal workflows.

Workspace webhooks are for your customers. Anything a specific customer's systems need to react to should flow through workspace-level delivery. CRM updates, customer-specific notifications, third-party integrations they've set up themselves.

Both can coexist on the same workspace, or you can opt a workspace out of company webhooks entirely. For most multi-tenant platforms, the right pattern is company webhooks for platform-critical events plus workspace webhooks that your customers configure through your UI.

Getting started

If you're already using Customer Workspaces, you can start adding workspace webhooks today. Existing company-level webhook integrations keep working exactly as before. This is purely additive.

Get started with Firma.dev for free, no credit card required. 25 free envelopes, no contracts, no minimums, and the full multi-tenant toolkit including Customer Workspaces and Workspace Webhooks from day one.

Ready to add e-signatures to your application?

Get started for free. No credit card required. Pay only €0.029 per envelope when you're ready to go live.
