Changelog

Here's what shipped in June across the gateway and dashboard.

Endpoint URL templates

Endpoints support URL templates. Register one endpoint with placeholder tokens in its path or query, and Convoy matches incoming dynamic events against it and delivers to each event's concrete URL, so one endpoint can route to many destinations without you creating each one by hand.

URL templates are a Premium feature. Turn on the Endpoint URL Templates early adopter flag for your organization under Settings → Early Adopter Features.

Sign up with Google

Google sign-in already lived on the login page; now the signup page has it too. Click Sign up with Google, complete the OAuth flow, and your account is created. One less password for new users. The button shows up when Google OAuth is enabled for your instance.

Delivery insights

We added more detail to every delivery attempt so debugging is easier:

• Request and response timestamps on each attempt, so you can see exactly when Convoy sent and when your endpoint replied
• Attempt source IP, so you know which Convoy instance made the call
• Delivery descriptions that explain why an attempt landed where it did
• Retry budget sync so the configured retry limit and the queue stay in agreement

Delivery modes

Subscriptions now expose a Delivery Mode when you create or edit them. At least once (the default) keeps Convoy's retry behavior: failed deliveries retry until your endpoint responds successfully or retries are exhausted. At most once treats any HTTP response from your endpoint as final, so there is a single attempt; Convoy only retries when there is no HTTP response at all, such as a network error.

Dashboard improvements

• Mobile responsiveness: the dashboard now works across phone and tablet sizes
• Org switcher: search, counts, and pagination make it quick to jump between organizations

Billing

Self-hosted instances can now buy a license with guest checkout, right from the dashboard. We also fixed billing cycles to track your real subscription period (start, end, and next invoice date) instead of a fixed calendar month, so usage lines up with what you're actually billed. Go to Settings → Usage and Billing. Billing is available to billing admins and organization admins.

Security hardening

We tightened auth and outbound request handling, scoped portal-link access to owned endpoints, and required org membership on dashboard org routes.

Try a URL template on your next endpoint, then check Settings → Usage and Billing to see where you stand.

Here's what shipped in May.

Inbound event filtering

Subscription filters now match on query parameters and the request path, not just the body and headers. Define rules on a subscription and Convoy drops events that don't match before they reach your endpoints, so you only deliver what you care about. Less noise, fewer wasted deliveries.

Filtering is a Premium feature (advanced subscriptions).

Idempotency header overrides

By default, Convoy stamps each delivery with its own X-Convoy-Idempotency-Key so your endpoint can dedupe retries and replays. If your receiver already has its own idempotency scheme, you can now set that header yourself in the event's custom_headers, and Convoy forwards your value instead of overwriting it. When you don't set one, Convoy's default still applies, so existing endpoints keep working unchanged.

Auth and outbound hardening

We closed a set of gaps in Convoy's auth boundaries and outbound paths. Project and portal permissions are now enforced consistently: event creation, replays, and portal writes all check that the project is enabled and that you own the endpoint before anything is queued. Outbound OAuth2 token requests go through the same protected transport as the rest of Convoy's egress, so untrusted input can't steer them at internal addresses. Secret generation also moved to a cryptographic RNG.

If you self-host with the JWT realm enabled, Convoy now requires CONVOY_JWT_SECRET and CONVOY_JWT_REFRESH_SECRET and refuses to start without them. Set both before upgrading.

Dashboard on Angular 21

The dashboard moved to Angular 21 with a flat ESLint config and lint in CI. Less of a payoff you'll see directly, more that the UI now ships faster and with fewer regressions.

Add a filter to any subscription and only the events you want get through.

Here's what shipped in April. This one is mostly operational: better visibility into the queue, a sturdier storage layer, and a round of security fixes.

Queue monitoring

Instance admins can watch the queue from the admin dashboard. See depth and health at a glance, so you catch a backlog before it turns into late deliveries.

Object storage refactor

We reworked the object storage layer. Exports and large payloads now go through a cleaner path that's easier to reason about and less likely to break under load.

API versioning

We upgraded to request-migrations v2. Older API clients keep working as we evolve the API, so an upgrade on our side doesn't break your integration.

Security and reliability

• No token replay: password reset tokens are now single-use
• AMQP credentials: special characters in RabbitMQ connection credentials are escaped correctly
• SSO: hardened the login and retry-deactivation paths
• Split proxies: the webhook dispatcher honors NO_PROXY
• CI: nightly CVE scans flag vulnerable dependencies early

Update when you get a chance, then keep an eye on your queue from the admin dashboard.

Here's what shipped in February and March across the gateway and dashboard.

Bulk onboarding

Stand up many endpoints at once. Send a list of destinations (name, URL, event type, and optional basic auth) to the bulk onboard API and Convoy creates the endpoints and their subscriptions in a single call. Run it as a dry run first to catch bad rows before anything is created. Basic auth on the items follows the same gate as below; without the license, those endpoints are created without auth.

Basic auth for endpoints

Endpoints now support basic auth. Set a username and password in the endpoint form and Convoy sends the Authorization header on every delivery, so you can reach endpoints that sit behind basic auth.

Basic auth is a Premium feature. Turn on the Basic Auth early adopter flag for your organization under Settings → Early Adopter Features.

Workspace slugs

Organizations can set a workspace slug on cloud, and it takes the organization admin role to edit. The slug gives your team a named SSO sign-in instead of a generic screen, which uses Enterprise SSO.

Under the hood

• Faster, safer queries: we moved the events, event deliveries, endpoints, and event types data layer onto sqlc, so queries are type-checked at build time
• Fanout fix: events with no matching subscriptions no longer get stuck
• Billing: usage now falls back to the current month when no period is set

More cleanup landed across SSO redirects and login UX. Add basic auth to an endpoint, or stand up a batch of them with one API call.

We shipped bug fixes, better observability, and a refactored data layer for the Core Gateway.

Fixes & observability

Endpoints in Paused or Inactive state now activate correctly, and OSS default-user login no longer requires a license. We fixed filter evaluation for boolean values in arrays and a startup bug where the worker blocked the agent server. For Sentry, we've updated the configuration to use the default Environment field.

Data layer improvements

We refactored the data layer to use SQLC for type-safe SQL across API keys, configuration, delivery attempts, organisations, portal links, projects, sources, and filters. Behaviour is unchanged and no config or API changes are required on your side.

Upgrade for the fixes and observability improvements.

We shipped four features this week: organization-level feature flags, OAuth2 authentication for endpoints, a billing module, and better test infrastructure.

Organization Feature Flags

Feature flags used to be all-or-nothing across your entire Convoy instance. You can now manage feature flags at the organization level. Go to Settings → Early Adopter Features to enable features like OAuth2 token exchange and mTLS for your organization. Instance admins can also override feature flags for specific organizations from the admin panel.

OAuth2 Authentication for Endpoints

Some endpoints require OAuth2 authentication. Endpoints now support OAuth2 client credentials authentication with shared secret or JWT client assertion. Configure your OAuth2 settings in the endpoint form, and Convoy handles token exchange automatically. This feature requires an enterprise license and the OAuth Token Exchange early adopter feature flag enabled.

Billing Module

We added a billing module that calculates usage from your Convoy data. View monthly usage, manage subscriptions, handle invoices, and set up payment methods, all from the Convoy dashboard. Go to Settings → Usage and Billing to get started. This feature requires a billing module license and billing admin or organization admin role.

E2E Test Infrastructure

We rebuilt our end-to-end test infrastructure to make it more reliable and easier to maintain. Tests now use Docker containers for Redis and PostgreSQL, making them faster and more consistent across environments.

Other Improvements

• UI refresh: We refreshed the dashboard UI with a cleaner design and better navigation
• Batch tracking: Track progress when retrying multiple event deliveries at once
• Admin UI: Instance admins can manage feature flags and circuit breaker configurations from a dedicated admin panel
• Job IDs: All queue jobs now use ULID-based job IDs for better tracking

All features are available now. See the endpoints documentation for OAuth2 configuration details.

We shipped three features this week that make Convoy more reliable for production workloads: broker message ID tracking, mTLS client certificates, and better content type handling.

Broker Message ID Tracking

When events flow through message brokers like Kafka, Google Pub/Sub, SQS, or AMQP, tracking them back to their source message used to be tricky. You'd see an event in Convoy but couldn't easily trace it to the original broker message.

We now capture and store the broker message ID for every event ingested from these brokers. This means you can filter events and deliveries by their original broker message ID, making debugging and tracing much simpler.

mTLS Client Certificate Support

Some endpoints require mutual TLS (mTLS) authentication. You can now configure client certificates directly on your endpoints. When Convoy delivers webhooks, it presents the client certificate for authentication.

Configure your client certificate and key in the endpoint settings. This feature requires an enterprise license.

Form-Encoded Content Type

We added support for application/x-www-form-urlencoded content types. If your endpoint expects form-encoded data instead of JSON, you can now set that in the endpoint configuration.

Other Improvements

• TLS for Redis: Redis connections now support TLS encryption. Set CONVOY_REDIS_TLS_ENABLED=true to enable it.
• Circuit breaker notifications: Fixed an issue where email notifications weren't being sent when circuit breakers activated.
• Configurable root path: You can now configure the root path for Convoy deployments using CONVOY_ROOT_PATH.

All features are available now. See the sources documentation for details on broker message tracking, and the endpoints documentation for mTLS configuration.

We released two features this week: Google SSO and a complete rewrite of how permissions work.

Google SSO

Google Workspace users can sign into Convoy using their Google account, eliminating the need for separate passwords.

Click "Sign in with Google" on the login page. The authentication flow redirects through Google and back to Convoy. First-time users will set up their organization name during the process. Existing accounts with the same email are automatically linked.

Role-Based Access Control

The old permissions setup worked for smaller teams but started breaking down as teams grew. We rebuilt it with five roles:

• Instance Admin — Controls everything across your Convoy instance
• Organization Admin — Runs the organization and all its projects
• Billing Admin — Handles billing only
• Project Admin — One project's settings and resources
• Project Viewer — View-only access to project data

This gives you granular control over who can access and modify resources in your Convoy instance.

Both features are available now. See the Google SSO docs and RBAC guide for implementation details.