Pact Broker webhook failed to trigger provider verification in CI
A broker webhook fires on events like "contract requiring verification published" to kick off provider verification. When the webhook request fails, the provider never verifies the new pact, so can-i-deploy stays blocked.
What this error means
The broker webhook log shows a non-2xx response or a connection error for the CI trigger URL, and no provider verification build starts for the new pact.
Webhook execution for event "contract_requiring_verification_published"
POST https://api.github.com/repos/acme/orders-provider/dispatches
Response: 401 UnauthorizedCommon causes
The webhook credentials are wrong or expired
The token the webhook uses to call the CI dispatch API is missing scope or has expired, so the trigger returns 401/403.
The target URL or payload is incorrect
A wrong repository dispatch URL or malformed body makes the CI provider reject the webhook request.
How to fix it
Fix the webhook credentials and target
- Open the webhook execution log in the broker to see the response.
- Update the stored token to one with dispatch scope.
- Correct the URL and payload, then re-test the webhook.
pact-broker test-webhook \
--uuid <webhook-uuid> \
--broker-base-url "$PACT_BROKER_BASE_URL"Verify on a schedule as a fallback
Run provider verification on a scheduled CI job as well, so a missed webhook does not permanently block deploys.
How to prevent it
- Keep webhook tokens scoped and rotated, stored in the broker secret store.
- Test webhooks after any credential or URL change.
- Add a scheduled provider verification as a safety net.