Event triggers
Start workflows from module events, webhooks, schedules, or manual kicks.
Trigger types
| Trigger | Fires on |
|---|---|
| Schedule | A cron expression. Per-tenant timezone. |
| Module event | A change inside ThorStack — deal stage moved, invoice paid, order shipped, etc. |
| Webhook | An HTTPS POST to a tenant-scoped URL. Signed with HMAC-SHA256. |
| Email-in | A unique +inbox address per workflow; the email body becomes the payload. |
| Manual | A "Run now" button on the workflow page. |
Module events
Every module emits structured events. The most common:
| Module | Events |
|---|---|
| CRM | deal.created, deal.stage_changed, contact.created, activity.logged |
| Commerce | order.created, order.fulfilled, inventory.low, refund.requested |
| Finance | invoice.sent, invoice.paid, bill.due_soon, expense.captured |
| Marketing | campaign.scheduled, post.published, audience.changed |
| Workspace | mail.received, meeting.declined, task.completed |
A trigger can filter on event payload — e.g. only fire order.created if order.amount > 500. Filters use the same expression language as Conditional steps.
Webhooks
Inbound webhook URLs look like https://api.<your-tenant>.thorstack.com/wh/<workflow-slug>. Each carries an HMAC-SHA256 signature in the X-ThorStack-Signature header. Verify it server-side before accepting the payload.
Outbound webhooks (workflow nodes that POST to external URLs) sign the same way; the receiver verifies.
Idempotency
Every event carries an event_id. If a trigger fires twice with the same id (e.g. a webhook retry), the second run is deduplicated — only the first becomes a real run. This makes "retry until 2xx" safe on the producer side.
Next
- Workflow basics — the run model.
- Audit logs — every trigger fire is logged.