# Subscribing to triggers (/docs/setting-up-triggers/subscribing-to-events) # Webhooks Webhooks are the recommended way to receive trigger events in production. To start receiving events, create a webhook subscription with your endpoint URL and select which event types you want to receive. You can subscribe to one or both: | Event type | Description | | ------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `composio.trigger.message` | Fired when a trigger receives data from an external service | | `composio.connected_account.expired` | Fired when a connected account expires and needs re-authentication. See [Subscribing to connection expiry events](/docs/subscribing-to-connection-expiry-events). | Set your webhook URL in the [dashboard settings](https://platform.composio.dev?next_page=/settings/webhook) or via the [Webhook Subscriptions API](/reference/api-reference/webhooks): ```bash curl -X POST https://backend.composio.dev/api/v3/webhook_subscriptions \ -H "X-API-KEY: " \ -H "Content-Type: application/json" \ -d '{ "webhook_url": "https://example.com/webhook", "enabled_events": ["composio.trigger.message"] }' ``` > The response includes a `secret` for [verifying webhook signatures](/docs/webhook-verification). This is only returned at creation time or when you [rotate the secret](/reference/api-reference/webhooks/postWebhookSubscriptionsByIdRotateSecret). Store it securely. ## Handling events All events arrive at the same endpoint. Route on the `type` field to handle each event type: > [Inspect the payload schema](#inspecting-trigger-payload-schemas) for a trigger before writing your handler. See [Webhook payload (V3)](#webhook-payload-v3) for the full event structure. **Python:** ```python from composio import WebhookEventType @app.post("/webhook") async def webhook_handler(request: Request): payload = await request.json() event_type = payload.get("type") if event_type == WebhookEventType.TRIGGER_MESSAGE: trigger_slug = payload["metadata"]["trigger_slug"] event_data = payload["data"] if trigger_slug == "GITHUB_COMMIT_EVENT": print(f"New commit by {event_data['author']}: {event_data['message']}") # Handle connected account expired events return {"status": "ok"} ``` **TypeScript:** ```typescript type NextApiRequest = { body: any }; type NextApiResponse = { status: (code: number) => { json: (data: any) => void } }; export default async function webhookHandler(req: NextApiRequest, res: NextApiResponse) { const payload = req.body; if (payload.type === 'composio.trigger.message') { const triggerSlug = payload.metadata.trigger_slug; const eventData = payload.data; if (triggerSlug === 'GITHUB_COMMIT_EVENT') { console.log(`New commit by ${eventData.author}: ${eventData.message}`); } } // Handle connected account expired events res.status(200).json({ status: 'ok' }); } ``` > Always [verify webhook signatures](/docs/webhook-verification) in production to ensure payloads are authentic. ## Inspecting trigger payload schemas Each trigger type defines the schema of event data it sends. Use `get_type()`/`getType()` to inspect it before writing your handler: **Python:** ```python from composio import Composio composio = Composio() trigger_type = composio.triggers.get_type("GITHUB_COMMIT_EVENT") print(trigger_type.payload) # Returns: {"properties": {"author": {...}, "id": {...}, "message": {...}, "timestamp": {...}, "url": {...}}} ``` **TypeScript:** ```typescript import { Composio } from '@composio/core'; const composio = new Composio(); const triggerType = await composio.triggers.getType("GITHUB_COMMIT_EVENT"); console.log(triggerType.payload); // Returns: {"properties": {"author": {...}, "id": {...}, "message": {...}, "timestamp": {...}, "url": {...}}} ``` The payload schema tells you what fields will be in the `data` object of the webhook event. ## Webhook payload (V3) New organizations receive V3 payloads by default. V3 separates event metadata from the actual event data: ```json { "id": "msg_abc123", "type": "composio.trigger.message", "metadata": { "log_id": "log_abc123", "trigger_slug": "GITHUB_COMMIT_EVENT", "trigger_id": "ti_xyz789", "connected_account_id": "ca_def456", "auth_config_id": "ac_xyz789", "user_id": "user-id-123435" }, "data": { "commit_sha": "a1b2c3d", "message": "fix: resolve null pointer", "author": "jane" }, "timestamp": "2026-01-15T10:30:00Z" } ``` > See [webhook payload versions](/docs/webhook-verification#webhook-payload-versions) for V2 and V1 formats. # Testing locally ## SDK subscriptions Subscribe to trigger events directly through the SDK without setting up a webhook endpoint. Uses WebSockets under the hood. **Python:** ```python from composio import Composio composio = Composio() subscription = composio.triggers.subscribe() @subscription.handle(trigger_id="your_trigger_id") def handle_event(data): print(f"Event received: {data}") subscription.wait_forever() ``` **TypeScript:** ```typescript import { Composio } from '@composio/core'; const composio = new Composio(); await composio.triggers.subscribe( (data) => { console.log('Event received:', data); }, { triggerId: 'your_trigger_id' } ); ``` ## Using ngrok To test the full webhook flow locally, use [ngrok](https://ngrok.com) to expose your local server: ```bash ngrok http 8000 ``` Then use the ngrok URL as your webhook endpoint: ```bash curl -X POST https://backend.composio.dev/api/v3/webhook_subscriptions \ -H "X-API-KEY: " \ -H "Content-Type: application/json" \ -d '{ "webhook_url": "https://your-ngrok-url.ngrok-free.app/webhook", "enabled_events": ["composio.trigger.message"] }' ``` Events will now be forwarded to your local server at `http://localhost:8000/webhook`. # Identifying trigger events Every webhook event includes a `metadata` object that tells you exactly where it came from: | Field | What it tells you | | ------------------------------- | ------------------------------------------------- | | `metadata.trigger_id` | Which trigger instance fired this event | | `metadata.trigger_slug` | The type of trigger (e.g., `GITHUB_COMMIT_EVENT`) | | `metadata.connected_account_id` | Which connected account it belongs to | | `metadata.user_id` | Which user it's for | | `metadata.auth_config_id` | Which auth config was used | Use `trigger_id` to match events to a specific trigger instance, or `trigger_slug` to handle all events of a certain type. These fields can also be passed as filters when using [SDK subscriptions](#sdk-subscriptions). # What to read next - [Verifying webhooks](/docs/webhook-verification): Validate webhook signatures to ensure payloads are authentic - [Managing triggers](/docs/setting-up-triggers/managing-triggers): List, enable, disable, and delete trigger instances - [Troubleshooting triggers](/docs/troubleshooting/triggers): Not receiving events? Check common trigger issues and how to fix them --- 📚 **More documentation:** [View all docs](https://docs.composio.dev/llms.txt) | [Glossary](https://docs.composio.dev/llms.mdx/docs/glossary) | [Cookbooks](https://docs.composio.dev/llms.mdx/cookbooks) | [API Reference](https://docs.composio.dev/llms.mdx/reference) --- # Composio SDK — Instructions for AI Code Generators **Purpose:** Enforce only the **current** and **correct** patterns for integrating [Composio](https://composio.dev/) tools into AI agents. **Scope:** All AI-generated code using Composio must follow these guardrails. --- ## 1. Correct Composio Integration Composio supports two integration modes: **Native Tools** (with a provider package) and **MCP** (no provider package needed). ### Native Tools ```python # ✅ CORRECT — Python (defaults to OpenAI) from composio import Composio composio = Composio() session = composio.create(user_id="user_123") tools = session.tools() # Pass tools to your agent/LLM framework ``` ```typescript // ✅ CORRECT — TypeScript (defaults to OpenAI) import { Composio } from "@composio/core"; const composio = new Composio(); const session = await composio.create("user_123"); const tools = await session.tools(); // Pass tools to your agent/LLM framework ``` For other providers, pass the provider explicitly. Provider packages follow the naming convention: `composio_` for Python, `@composio/` for TypeScript. ### MCP Use `session.mcp.url` and `session.mcp.headers` with any MCP-compatible client (Claude Desktop, Cursor, OpenAI Agents, etc.). No provider package needed. --- ## 2. CRITICAL INSTRUCTIONS FOR AI MODELS ### 2.1 — ALWAYS DO THE FOLLOWING 1. **Use `composio.create(user_id)`** to create a session — this is the entry point for all Composio integrations. 2. **Use `session.tools()`** for native tool integration or **`session.mcp.url`** for MCP integration. 3. **Import** from the correct provider package (`composio_` for Python, `@composio/` for TypeScript). 4. **Pass `user_id` to `composio.create()`**, not to individual tool calls. ### 2.2 — NEVER DO THE FOLLOWING 1. **Do not** instruct users to manually create auth configs or connected accounts before running. 2. **Do not** import from `composio_openai` / `@composio/openai` when using OpenAI Agents SDK — use `composio_openai_agents` / `@composio/openai-agents` instead. ### 2.3 — DISCOURAGED (do not use unless user explicitly asks) Do **not** generate `composio.tools.get()`, `composio.tools.execute()`, or `composio.provider.handle_tool_calls()` unless the user explicitly requests direct tool execution. These are a supported but **not recommended** low-level interface. --- ## Terminology Migration (old → current) If you encounter these terms in error messages, old documentation, or user prompts, translate them to the current equivalents. **Do not use the old terms in generated code or explanations.** | Old term (v1/v2) | Current term (v3) | In code | |---|---|---| | entity ID | user ID | `user_id` parameter | | actions | tools | e.g., `GITHUB_CREATE_ISSUE` is a *tool* | | apps / appType | toolkits | e.g., `github` is a *toolkit* | | integration / integration ID | auth config / auth config ID | `auth_config_id` parameter | | connection | connected account | `connected_accounts` namespace | | ComposioToolSet / OpenAIToolSet | `Composio` class with a provider | `Composio(provider=...)` | | toolset | provider | e.g., `OpenAIProvider` | If a user says "entity ID", they mean `user_id`. If they say "integration", they mean "auth config". Always respond using the current terminology.