Webhook Delivery Log¶
CarvOS keeps a short-lived, inspectable record of every webhook delivery — both the outgoing webhooks CarvOS sends to your endpoint and the incoming webhooks your ATS sends to CarvOS. The delivery log lets Carv staff and your own ATS administrators diagnose delivery problems without reproducing them.
What this page covers
This is the technical reference for what is retained and who can access it. It is a data-handling disclosure — please read it before relying on the delivery log for debugging.
What is retained¶
For each delivery attempt, CarvOS stores:
| Field | Notes |
|---|---|
| Request payload | The full JSON body of the webhook, subject to a size cap (oversized payloads are truncated, never silently dropped). |
| Response body | Your endpoint's response body, up to 64 KiB (truncated beyond that). |
| Response headers | A fixed allowlist of non-sensitive headers only — Content-Type, Content-Length, Retry-After, and standard rate-limit headers. Credential and cookie headers are never captured. |
| Request headers | A fixed allowlist of the headers CarvOS itself sets (content type, user agent, host, event type, correlation id); the signature is stored in its own field, not among the headers. For inbound deliveries, only Content-Type and your ATS's X-Webhook-Signature are captured. Your credentials are never captured. |
| HMAC signature | The signature CarvOS computed for the outgoing webhook (outgoing HTTP deliveries only). |
| Status & timing | HTTP status code, outcome (success / failure / error), and delivery duration. |
| Timestamps | When the delivery occurred and when the record expires. |
Payloads are stored unmasked. Short retention (below) is the privacy control.
Retention window¶
Delivery records are automatically deleted 7 days after they are created, via a native Firestore time-to-live policy. There is no manual cleanup and no way to extend retention — records older than 7 days are gone.
Who can access it¶
- Carv staff can view delivery records across all ATS configurations, to support and investigate integration issues.
- Your ATS administrators can view delivery records scoped to your own ATS configuration only, through the Self-Service Portal. One ATS can never see another ATS's records.
Best-effort audit¶
The delivery log is a best-effort audit log. Records may be missing during traffic bursts or platform incidents — but the webhook delivery itself is never affected by a missing record. Do not treat the delivery log as a billing-grade or compliance-grade ledger.