Integration · GitHub
GitHub webhook proxy with retries and DLQ
Charon Gate is a reliable proxy in front of your GitHub webhook destination. We verify the X-Hub-Signature-256 HMAC, retry failed deliveries with exponential backoff, capture exhausted events in a dead-letter queue, and let you replay any push, pull_request, or workflow_run event without asking GitHub to redeliver.
Why Charon Gate for GitHub
- X-Hub-Signature-256 HMAC verification using `crypto.timingSafeEqual` — no timing oracles.
- Replay GitHub events without GitHub's 30-day redelivery window — Charon retains every payload for the lifetime of your retention policy.
- Per-repository routing: filter on `event-type` headers so a single Charon endpoint can route push events one way and workflow_run events another.
- Detailed delivery timeline per event — see the exact 4xx/5xx response from your destination, not GitHub's blackbox status.
How verification works
- Header
- X-Hub-Signature-256
- Algorithm
- HMAC-SHA256
- Upstream docs
- docs.github.com/en/webhooks
Charon Gate also accepts the legacy `X-Hub-Signature` (SHA-1) header but warns when it is used in isolation — GitHub recommends SHA-256 for all new integrations.
Example GitHub events
Charon Gate is event-shape agnostic — these are typical GitHub event types our customers route through us today.
pushpull_requestworkflow_runissuesreleasedeployment_statusFAQ
- Can I use Charon Gate for GitHub App webhooks as well as repo webhooks?
- Yes. The verification algorithm and headers are identical. Configure the GitHub App's webhook URL in the App settings page just as you would a repo webhook.
- Does Charon validate GitHub's source IP ranges?
- Optional. The dashboard exposes an IP allowlist setting that, when populated, drops requests outside the configured CIDRs before signature verification — useful when paired with GitHub's published `meta` API IP ranges.
Ready when you are
Front your GitHub webhooks with Charon Gate in 90 seconds.