Deploy Hooks

Deploy hooks allow an external service to receive a notification whenever a new version of your app is pushed to Workflow. It’s useful to help keep the development team informed about deploys, while it can also be used to integrate different systems together.

After one or more hooks are setup, hook output and errors appear in your application’s logs:

$ deis logs
2011-03-15T15:07:29-07:00 deis[api]: Deploy hook sent to

Deploy hooks are a generic HTTP hook. An administrator can create and configure multiple deploy hooks by tuning the controller settings via the Helm chart.


The HTTP deploy hook performs an HTTP POST to a URL. The parameters included in the request are the same as the variables available in the hook message: app, release, release_summary, sha and user. See below for their descriptions:


Optionally, if a deploy hook secret key is added to the controller through tuning the controller settings, a new Authorization header will be present in the POST request. The value of this header is computed as the HMAC hex digest of the request URL, using the secret as the key.

In order to authenticate that this request came from Workflow, use the secret key, the full URL and the HMAC-SHA1 hashing algorithm to compute the signature. In Python, that would look something like this:

import hashlib
import hmac"my_secret_key", "", digestmod=hashlib.sha1).hexdigest()

If the value of the computed HMAC hex digest and the value in the Authorization header are identical, then the request came from Workflow.


When computing the signature, ensure that the URL parameters are in alphabetic order. This is critical when computing the cryptographic signature as most web applications don't care about the order of the HTTP parameters, but the cryptographic signature will not be the same.