Triggers
When events occur in apps — a new Slack message, a GitHub commit, an incoming email — triggers send event data to your application as structured payloads.
Two delivery types
| Type | What happens | Examples |
|---|---|---|
| Webhook | The provider pushes events to a Composio-issued ingress URL in real time. Composio verifies the provider's signature, processes the payload, and fans the event out to matching trigger instances. | Slack, Asana, Notion, Outlook, ... |
| Polling | Composio polls the provider on a schedule. Composio managed auth has a 15-minute minimum interval; expect that as the worst-case delay between source event and delivery. | Gmail, Google Calendar |
End-to-end flow
For every webhook trigger, an event takes the same path on the way to your application:
provider event ──▶ Composio ingress ──▶ trigger fan-out ──▶ webhook subscription ──▶ your applicationTwo URLs sit on opposite sides of Composio, both configured once:
- Webhook subscription — your URL where Composio delivers signed events. One per project. See Subscribing to triggers.
- Webhook endpoint — the ingress URL the provider posts events to. Composio configures this for you in most cases; for some webhook triggers, you may need to set it up once per OAuth app — see Configuring the webhook endpoint on the Creating triggers page.
Composio verifies signatures on both hops:
- At ingress, every inbound request is verified against the signing secret on the webhook endpoint. Unsigned or tampered requests are rejected before any trigger fires. When Composio configures the endpoint, the signing secret comes from the connected account's credentials; when you configure it, you store the secret on the endpoint yourself.
- At delivery, every webhook Composio sends to your endpoint is signed with your subscription secret — verify it as described in Verifying webhooks.
Working with triggers
Configure delivery to your application. Create a webhook subscription so Composio knows which URL to deliver events to. One-time per project.
Pick a trigger type and inspect it. Find the trigger type for the event you want (e.g. GITHUB_COMMIT_EVENT) and inspect it — the response tells you what config it needs and whether a webhook endpoint must be configured first.
If the trigger requires a webhook endpoint, configure it. Follow Configuring the webhook endpoint. One-time per OAuth app.
Create the trigger scoped to a user's connected account — see Creating triggers.
Receive events at your subscription URL, verify the signature, and route on metadata.trigger_slug.
Manage triggers as needed — see Managing triggers.
Triggers are scoped to a connected account. If you haven't set up authentication yet, see Authentication.
Next steps
Subscribing to events
One-time per project: tell Composio which URL to deliver events to
Creating triggers
Inspect a trigger type and create trigger instances via the SDK or dashboard
Configuring the webhook endpoint
Situational: required only when you bring your own OAuth app and the trigger needs it
Verifying webhooks
Verify webhook signatures and understand payload versions
Managing triggers
Discover, list, enable, disable, and delete triggers
Example: Gmail labeler
Build an automated email labeling agent using triggers