Sharing Webhooks & Templates - Discord Webhook Manager

Overview

The Discord Webhook Manager provides robust sharing capabilities for both webhooks and templates, enabling teams to collaborate effectively. This guide covers best practices, workflows, and technical implementation details.

Sharing is only available for registered users. Both the sharer and recipient must have accounts in the system.

Webhooks can be shared with multiple collaborators, each with their own permission level. The sharing process is invitation-based for security and control.

Navigate to Webhook

Open the webhook you want to share. Only owners and admins can access the collaboration settings.

Access Collaborators

Click on the “Collaborators” or “Share” button to open the collaboration management interface.

// CollaboratorController.php:22-40
public function index(Webhook $webhook)
{
    $this->authorize('manageCollaborators', $webhook);
    
    $collaborators = $webhook->collaborators()
        ->with('user:id,name,email')
        ->get();
    
    $pendingInvitations = $webhook->invitations()
        ->where('status', 'pending')
        ->where('expires_at', '>', now())
        ->get();
    
    return Inertia::render('webhooks/collaborators', [
        'webhook' => $webhook->load('owner:id,name,email'),
        'collaborators' => $collaborators,
        'pendingInvitations' => $pendingInvitations,
    ]);
}

Send Invitation

Enter the collaborator’s email address and select their permission level (Admin, Editor, or Viewer).

The email must be associated with an existing account. Users who haven’t registered cannot be invited.

Invitation Sent

The system sends an email notification with a secure invitation link. The invitation expires in 7 days.

Collaborator Accepts

The invited user clicks the link in their email and accepts the invitation. They immediately gain access based on their assigned permission level.

Only users with management privileges can share webhooks:

Webhook Owner

The creator of the webhook has full sharing rights and can invite unlimited collaborators.

Admin Collaborators

Users with Admin permission can also send invitations and manage other collaborators.

// CollaboratorController.php:45-47
public function store(Request $request, Webhook $webhook)
{
    $this->authorize('manageCollaborators', $webhook);
    // ... invitation creation logic
}

Templates use a similar but simplified sharing system with only two permission levels: Edit and View.

Template Permission Levels

Edit

Collaborators can modify template content, change settings, and use the template in messages.

View

Collaborators can view template details and use the template but cannot modify it.

The database schema for template sharing:

-- 2025_12_18_184237_create_template_collaborators_table.php
CREATE TABLE template_collaborators (
    id BIGINT UNSIGNED PRIMARY KEY,
    template_id BIGINT UNSIGNED,
    user_id BIGINT UNSIGNED,
    permission_level ENUM('view', 'edit') DEFAULT 'view',
    created_at TIMESTAMP,
    updated_at TIMESTAMP,
    
    UNIQUE KEY (template_id, user_id),
    FOREIGN KEY (template_id) REFERENCES templates(id) ON DELETE CASCADE,
    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
);

The unique constraint on (template_id, user_id) prevents duplicate collaborations and ensures each user has only one permission level per template.

Collaboration Models

Webhook Collaboration Data

The WebhookCollaborator model tracks all collaboration details:

// WebhookCollaborator.php:10-22
protected $fillable = [
    'webhook_id',
    'user_id',
    'permission_level',
    'invited_by',
    'invited_at',
    'accepted_at',
];

protected $casts = [
    'invited_at' => 'datetime',
    'accepted_at' => 'datetime',
];

Relationship to Webhook

// WebhookCollaborator.php:25-28
public function webhook(): BelongsTo
{
    return $this->belongsTo(Webhook::class);
}

Enables easy access to webhook details from a collaborator record.

Relationship to User

// WebhookCollaborator.php:30-33
public function user(): BelongsTo
{
    return $this->belongsTo(User::class);
}

Links the collaborator to their user account for profile information.

Relationship to Inviter

// WebhookCollaborator.php:35-38
public function inviter(): BelongsTo
{
    return $this->belongsTo(User::class, 'invited_by');
}

Tracks who sent the original invitation for audit purposes.

Managing Shared Resources

Viewing Collaborators

Both webhook owners and admins can view the complete list of collaborators and pending invitations:

// CollaboratorController.php:26-33
$collaborators = $webhook->collaborators()
    ->with('user:id,name,email')
    ->get();

$pendingInvitations = $webhook->invitations()
    ->where('status', 'pending')
    ->where('expires_at', '>', now())
    ->get();

This provides:

Active collaborators with their permission levels
Pending invitations that haven’t been accepted yet
Expired or cancelled invitations are automatically filtered out

Changing Permission Levels

Owners and admins can update collaborator permissions at any time:

// CollaboratorController.php:113-128
public function update(Request $request, Webhook $webhook, WebhookCollaborator $collaborator)
{
    $this->authorize('manageCollaborators', $webhook);
    
    if ($collaborator->webhook_id !== $webhook->id) {
        abort(404);
    }
    
    $validated = $request->validate([
        'permission_level' => 'required|in:admin,editor,viewer',
    ]);
    
    $collaborator->update($validated);
    
    return back()->with('success', 'Permission level updated successfully!');
}

Permission changes take effect immediately. The collaborator’s next action will be governed by their new permission level.

Removing Collaborators

There are two ways to end a collaboration:

Owner/Admin Removal

Owners and admins can remove any collaborator:

// CollaboratorController.php:135-147
public function destroy(Webhook $webhook, WebhookCollaborator $collaborator)
{
    $this->authorize('manageCollaborators', $webhook);
    
    if ($collaborator->webhook_id !== $webhook->id) {
        abort(404);
    }
    
    $collaborator->delete();
    
    return back()->with('success', 'Collaborator removed successfully!');
}

This immediately revokes all access.

Voluntary Leave

Collaborators can leave on their own:

// CollaboratorController.php:152-174
public function leave(Webhook $webhook)
{
    $user = auth()->user();
    
    $collaborator = $webhook->collaborators()
        ->where('user_id', $user->id)
        ->first();
    
    if (!$collaborator) {
        return back()->withErrors(['error' => 'You are not a collaborator of this webhook.']);
    }
    
    if ($webhook->user_id === $user->id) {
        return back()->withErrors(['error' => 'Webhook owner cannot leave.']);
    }
    
    $collaborator->delete();
    
    return redirect()->route('webhooks.index')
        ->with('success', 'You have left the webhook successfully!');
}

The webhook owner cannot leave their own webhook. This prevents orphaned webhooks.

Team Collaboration Patterns

Pattern 1: Hierarchical Teams

Team Lead as Owner

The team lead creates the webhook and serves as the owner.

Senior Members as Admins

Trusted senior team members receive Admin permissions to help manage the webhook and invite others.

Active Members as Editors

Team members who need to send messages and edit settings get Editor permissions.

Stakeholders as Viewers

Stakeholders and observers get Viewer permissions to monitor activity without making changes.

Create Project Webhook

Create a webhook dedicated to a specific project or channel.

Invite Project Team

Invite all project members with Editor permissions.

Grant Admin to Deputies

Give Admin permissions to 1-2 deputy project leads for backup management.

Remove When Complete

When the project ends, remove collaborators or archive the webhook.

Pattern 3: Department Templates

Create Department Templates

Create standard message templates for common department communications.

Share with Edit Permission

Share with department heads using Edit permission to maintain templates.

Share with View Permission

Share with all team members using View permission so they can use but not modify templates.

Regular Review

Schedule regular reviews to update templates and manage access.

Security Best Practices

Minimum Necessary Access

Always assign the lowest permission level needed for the user’s role. Start with Viewer and upgrade only when necessary.

Regular Access Audits

Review collaborator lists monthly to remove users who no longer need access.

Limit Admin Permissions

Only grant Admin permission to trusted individuals who need to manage collaborators.

Monitor Pending Invitations

Regularly check and cancel unused pending invitations to prevent unauthorized access.

Document Access Reasons

Maintain external documentation of why each user has access, especially for Admins.

Rotate Sensitive Webhooks

For high-security webhooks, periodically review and rotate the Discord webhook URL if needed.

Invitation Validation

The system performs multiple validation checks before creating invitations:

// CollaboratorController.php:49-92
$validated = $request->validate([
    'email' => 'required|email',
    'permission_level' => 'required|in:admin,editor,viewer',
]);

// Check if user exists
$invitee = User::where('email', $validated['email'])->first();
if (!$invitee) {
    return back()->withErrors([
        'email' => 'No user found with this email address.',
    ]);
}

// Check if user is the owner
if ($invitee->id === $webhook->user_id) {
    return back()->withErrors([
        'email' => 'You cannot invite yourself as a collaborator.',
    ]);
}

// Check if already a collaborator
$existingCollaborator = $webhook->collaborators()
    ->where('user_id', $invitee->id)
    ->first();
if ($existingCollaborator) {
    return back()->withErrors([
        'email' => 'This user is already a collaborator.',
    ]);
}

// Check if there's a pending invitation
$existingInvitation = $webhook->invitations()
    ->where('invitee_email', $validated['email'])
    ->where('status', 'pending')
    ->where('expires_at', '>', now())
    ->first();
if ($existingInvitation) {
    return back()->withErrors([
        'email' => 'There is already a pending invitation for this user.',
    ]);
}

These checks prevent:

Inviting non-existent users
Self-invitations
Duplicate collaborations
Multiple pending invitations to the same user

Collaboration Lifecycle

Use Cases

Use Case 1: Marketing Team

Scenario: A marketing team needs to manage Discord announcements for product launches.

Setup

Marketing manager creates a webhook for the announcements channel and templates for different launch types.

Team Access

Marketing manager: Owner
Senior marketers (2): Admin
Content creators (5): Editor
Stakeholders (3): Viewer

Workflow

Content creators draft messages using templates, senior marketers review and approve, manager oversees all activities.

Use Case 2: Customer Support

Scenario: Support team needs to send status updates to a Discord community.

Setup

Support lead creates a webhook and templates for common update types (maintenance, outage, resolved).

Team Access

Support lead: Owner
Team leads (2): Admin
Support agents (10): Editor
Management (2): Viewer

Workflow

Support agents send updates using templates, team leads manage access and monitor activity, management reviews history.

Use Case 3: Development Team

Scenario: Dev team needs to send deployment notifications.

Setup

Tech lead creates webhooks for staging and production notification channels.

Team Access

Tech lead: Owner
Senior developers (3): Admin
Developers (8): Editor
QA team (4): Viewer

Workflow

Developers send deployment notifications, seniors manage the webhooks, QA monitors deployments.

Troubleshooting

Cannot share webhook

Invitation not received

Check that:

The email address is correct and registered
Email isn’t in spam/junk folder
The invitation hasn’t expired (7 day limit)
A pending invitation doesn’t already exist

Cannot remove collaborator

Ensure you’re an owner or admin. Editors and viewers cannot remove collaborators. Also, owners cannot remove themselves.

Permission changes not working

Permission changes are immediate. If issues persist:

Refresh the page
Have the collaborator log out and back in
Check browser cache
Verify the permission change was saved (check the collaborators list)

User already a collaborator error

This user already has access to the webhook. To change their permission level, use the “Update Permission” function instead of sending a new invitation.

Database Constraints

The database enforces data integrity through various constraints:

Unique Constraints

-- Webhook collaborators: one permission per user per webhook
UNIQUE KEY (webhook_id, user_id)

-- Template collaborators: one permission per user per template
UNIQUE KEY (template_id, user_id)

Foreign Key Constraints

-- All relationships cascade on delete
FOREIGN KEY (webhook_id) REFERENCES webhooks(id) ON DELETE CASCADE
FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
FOREIGN KEY (invited_by) REFERENCES users(id) ON DELETE CASCADE

When a webhook is deleted, all collaborator records and invitations are automatically deleted. When a user account is deleted, all their collaborations are removed.

Performance Considerations

Efficient Queries

The system uses eager loading to prevent N+1 queries:

// Load collaborators with user details in one query
$collaborators = $webhook->collaborators()
    ->with('user:id,name,email')
    ->get();

// Load pending invitations with relationships
$invitations = Invitation::where('invitee_email', auth()->user()->email)
    ->where('status', 'pending')
    ->where('expires_at', '>', now())
    ->with(['webhook:id,name,description', 'inviter:id,name'])
    ->latest()
    ->get();

Indexes

The database includes strategic indexes for common queries:

-- Webhook collaborators
INDEX (webhook_id)
INDEX (user_id)

-- Invitations
INDEX (webhook_id)
INDEX (invitee_email)
INDEX (status)
INDEX (token)

Next Steps

Team Invitations

Detailed guide on the invitation workflow and management

Permissions

Complete permission matrix and authorization details

Webhooks Guide

Learn about webhook creation and management

Templates Guide

Create and manage reusable message templates

Get Started

Core Features

Collaboration

Advanced

Deployment

​Overview