[BE-58] Implement outbound Webhooks system — register URLs and dispatch events to external systems

[yusuftomilola]

Overview

External systems (Slack, ERPs, custom dashboards, Zapier) need to receive AssetsUp events in real time. A webhook system lets users register URLs that receive HTTP POST payloads when platform events occur — enabling integrations without polling. Enables FE-26 (Developer portal webhook management UI).

Context

• Webhooks must be signed with HMAC-SHA256 using a per-webhook secret so receivers can verify authenticity
• Failed deliveries must be retried with exponential backoff
• Webhook payloads use the same NotificationEvent enum from BE-56

Acceptance Criteria

• Create Webhook entity: id, userId, name, url, secret (stored hashed, original shown only once on creation), events (text array of NotificationEvent values to subscribe to), isActive, lastTriggeredAt, failureCount, createdAt
• POST /webhooks — creates webhook, generates a random secret (shown once in response), stores hash
• GET /webhooks — list user's webhooks (never return the secret)
• DELETE /webhooks/:id
• POST /webhooks/:id/test — sends a test payload ({ event: 'webhook.test', timestamp }) to the registered URL
• Create WebhookDispatchService.trigger(event, payload) — finds all active webhooks subscribed to this event, POSTs JSON payload with header X-AssetsUp-Signature: sha256=${hmac}, retries on failure up to 3 times
• Wire WebhookDispatchService into NotificationDispatchService from BE-56

[Talentgift24-ux]

@Talentgift24-ux has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

i would love to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Talentgift24-ux to this issue.

[ojuotimi932]

@ojuotimi932 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi Maintainer Can I resolve this kindly assign

ℹ️ Repo Maintainers: To accept this application, review their application or assign @ojuotimi932 to this issue.

[Nimatstar]

@Nimatstar has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi can i work on this task?

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Nimatstar to this issue.

[drips-wave]

Congratulations, @Nimatstar! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @Nimatstar: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊