Integrations
Connect WordPress, configure webhooks, manage API keys for outbound delivery.
Integrations live at /app/settings?section=integrations. Owner only — admins can view, not change.
What you can integrate
WordPress
One-click publishing into a connected WordPress site. Pro / Business Pro / Enterprise only.
Webhooks
HMAC-signed POSTs to your endpoint when stories are published, reviewed, or rejected. All paid plans.
API keys
Issue keys for tenant-scoped read access (e.g. for the WordPress plugin or a custom delivery script).
WordPress
The WordPress integration is OAuth-style. You connect a WordPress site once; HermesAI sends drafts to it on demand.
Click Connect WordPress site
Plan must include WordPress delivery (Pro, Business Pro, Enterprise). Otherwise the button shows the upgrade prompt.
Authorise on WordPress
HermesAI redirects to your WordPress admin. Sign in and approve the connection.
Confirm site details
HermesAI shows the connected site URL, the WordPress user who authorised, and the timestamp. Save.
Map categories (optional)
Map HermesAI categories to WordPress categories. Unmapped categories use a default category you set.
Test
Send a test post — a placeholder draft to confirm the connection works end-to-end.
Why drafts, not published
HermesAI delivers to WordPress as draft posts by default. This keeps final publish timing in your hands. WordPress users see a normal draft they can preview, edit, and schedule.
Disconnecting
From integrations, click Disconnect. The connection is removed immediately; future deliveries fail until reconnected. Existing posts already in WordPress are unaffected.
Webhooks
Webhooks deliver story events to any HTTPS endpoint you choose.
Add a webhook URL
HermesAI validates that the URL responds with 2xx to a probe before saving.
Choose events
story.published is the most common. You can also subscribe to:
story.in_review— fired when a draft is submitted.story.rejected— fired when a reviewer rejects.story.approved— alias forstory.published.alert.fired— when a monitoring rule matches.
Note the signing secret
HermesAI generates an HMAC-SHA256 signing secret per webhook. Shown once; copy it.
Verify signatures server-side
Every delivery includes an x-hermes-signature header. Verify with HMAC-SHA256(secret, body) before processing.
Test
Click Send test event to fire a sample payload. Check your endpoint received it.
Webhook payload (story.published)
{
"event": "story.published",
"tenantId": "...",
"storyId": "...",
"publishedAt": "2026-05-08T07:00:00Z",
"headline": "...",
"body": "...",
"category": "...",
"language": "el",
"sources": [{ "name": "...", "url": "...", "tier": 1 }],
"confidence": 0.86,
"sensitive": false
}Reliability
Retries on failure
HermesAI retries non-2xx deliveries with exponential backoff for up to 24 hours. After that the delivery is marked failed and surfaced in the webhook log; you can replay it manually.
Webhook log
Every delivery is recorded in /app/monitoring → Webhook logs:
- timestamp,
- event type,
- target URL,
- response status,
- response body (truncated),
- replay-safe payload archive.
API keys
API keys provide tenant-scoped read access. The most common use is the WordPress plugin pulling published stories.
Click Create API key
Give the key a name (e.g. "WordPress plugin", "Slack delivery"). HermesAI generates the full key value.
Copy the value once
The full key is displayed once at creation. After this, only a masked prefix is visible.
Rotate or revoke
From the API keys list, you can rotate (generate a new value) or revoke (delete) any key.
Treat keys like passwords
API keys carry tenant-scoped access. Don't commit them to source control, share them in chat, or log them. Revoke + rotate immediately if a key leaks.