Skip to content
Latchkey

Pact Broker webhook failed to trigger provider verification in CI

A broker webhook fires on events like "contract requiring verification published" to kick off provider verification. When the webhook request fails, the provider never verifies the new pact, so can-i-deploy stays blocked.

What this error means

The broker webhook log shows a non-2xx response or a connection error for the CI trigger URL, and no provider verification build starts for the new pact.

Pact Broker
Webhook execution for event "contract_requiring_verification_published"
POST https://api.github.com/repos/acme/orders-provider/dispatches
Response: 401 Unauthorized

Common causes

The webhook credentials are wrong or expired

The token the webhook uses to call the CI dispatch API is missing scope or has expired, so the trigger returns 401/403.

The target URL or payload is incorrect

A wrong repository dispatch URL or malformed body makes the CI provider reject the webhook request.

How to fix it

Fix the webhook credentials and target

  1. Open the webhook execution log in the broker to see the response.
  2. Update the stored token to one with dispatch scope.
  3. Correct the URL and payload, then re-test the webhook.
Terminal
pact-broker test-webhook \
  --uuid <webhook-uuid> \
  --broker-base-url "$PACT_BROKER_BASE_URL"

Verify on a schedule as a fallback

Run provider verification on a scheduled CI job as well, so a missed webhook does not permanently block deploys.

How to prevent it

  • Keep webhook tokens scoped and rotated, stored in the broker secret store.
  • Test webhooks after any credential or URL change.
  • Add a scheduled provider verification as a safety net.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →