Endpoint requirements
Your endpoint must:- Accept
POSTrequests over public HTTPS. - Return a
2xxresponse when the dispatch is accepted. - Return
401or403for authentication failures. - Return
429with an optionalRetry-Afterheader when you want Latitude to retry later.
Request body
Latitude sends JSON with the trigger, the dispatch context, and the prompt text assembled for the agent.context shape depends on the trigger source, but trigger, project identity, a Latitude deep link, and the rendered prompt are always included.
Headers
Latitude includes two headers on every delivery:| Header | Description |
|---|---|
X-Latitude-Delivery | Stable idempotency key for this dispatch. Use it to deduplicate retries. |
X-Latitude-Signature | HMAC-SHA256 signature of the raw JSON request body, prefixed with sha256=. |
Verify the signature
When you connect the webhook integration, Latitude shows a webhook secret once. Store it securely and use it to verifyX-Latitude-Signature.
Retry behavior
Latitude retries transport failures,429, and 5xx responses. A 4xx response other than 429 is treated as a configuration or authentication failure and is not retried indefinitely.