How to manually add the automatic deployment webhook to GitHub

DeployHQ will automatically add a webhook to your repository so you can deploy your code from GitHub automatically, however if you've changed repository details you'll need add it manually.

Before you can add your webhook to GitHub, you'll need to retrieve it from your DeployHQ project.

Open your repository up in GitHub (there's a shortcut at the top of DeployHQ labelled "Browse Repository") and click the Settings tab at the top of the screen. Next click Webhooks on the left hand side, then Add webhook at the top:

Enter the URL from DeployHQ into the Payload URL, select application/x-www-form-urlencoded as the Content type and hit Add webhook.

About the GitHub "Secret" field and X-Hub-Signature-256

GitHub's webhook configuration includes an optional Secret field, which, when set, causes GitHub to sign each payload with HMAC-SHA256 and send the signature in the X-Hub-Signature-256 request header.

DeployHQ does not verify X-Hub-Signature-256. Authentication of incoming webhook requests is handled instead by the unguessable auto_deploy_key token that is embedded in the webhook URL itself — that token is what proves the request belongs to your project. You can leave the GitHub Secret field blank, and if you set it anyway, the signature header will simply be ignored by DeployHQ.

This is a deliberate design choice (URL-based authentication rather than payload signing), and it means:

• Treat the webhook URL as a secret — do not paste it into public issues, screenshots, or third-party services
• If you suspect a webhook URL has been exposed, contact support@deployhq.com to have a new URL issued for the project so the old one stops working
• If your organisation requires payload-signed webhooks for compliance reasons, email support@deployhq.com so we can capture the requirement