Frequently Asked Questions

Sign up at app.zen-mesh.io to create your free account. After confirming your email, you can:

1. Create a webhook endpoint in the dashboard
2. Copy the endpoint URL and configure it as your webhook receiver in your provider (Stripe, GitHub, Twilio, etc.)
3. Deploy zen-egress in your private environment (Docker or Kubernetes)

After configuring your endpoint, provider secret, and private-side runtime, webhooks will be delivered to your private service. No firewall changes required.

Edge Lite is our Docker-first runtime for local development and evaluation. It's a single container you can run locally to test the full delivery flow without deploying to Kubernetes.

Full deployment uses our managed control plane with zen-egress deployed in your Kubernetes cluster. This provides:

• Managed endpoint routing and scaling
• Centralized configuration and monitoring
• Multi-environment support (dev, staging, production)
• Team collaboration features

No. Zen Mesh uses an outbound-only delivery model. Your private services connect out to our data plane — no inbound ports need to be opened.

This is the core innovation: your internal services don't need to expose any ports to the public internet, eliminating a major attack surface.

The data-plane path between zen-ingester and zen-egress is protected with:

• mTLS — mutual TLS authentication between all components
• SPIFFE/SPIRE — workload identity for automated certificate management
• HMAC — message authentication to detect tampering

These protections are mandatory and non-negotiable on the data-plane path, not optional or configurable.

The architecture is designed so the control plane does not need to see customer payloads. Payloads flow through the data plane (ingester → egress) without being stored or processed by our SaaS control plane.

However, for debugging and support, customers can optionally enable payload logging with sensitive field redaction.

Zen Mesh processes webhook events as transient data in flight. Payloads are processed during delivery and cleared according to our retention schedule. We do not use customer payloads for training or profiling.

For more details, see our Privacy Policy.

Zen Mesh is not yet SOC 2 certified. We're currently building out our compliance program. For enterprise customers with specific compliance requirements, please contact us at enterprise@zen-mesh.io.

Zen Mesh works with any HTTP webhook provider. For providers with signature verification (HMAC), we support:

• Stripe
• GitHub
• Twilio
• Shopify
• Custom signature schemes

For providers without built-in signatures, you can configure custom HMAC verification or use our basic security defaults.

Yes. You can configure any HTTP endpoint as a webhook source. Simply point your custom webhook emitter at the Zen Mesh endpoint URL we provide.

We support custom headers and payload formats — just configure the expected format in your endpoint settings.

Provider Template Packs are reusable packages for common webhook sources that provide structured defaults for:

• Endpoint setup and configuration
• Provider-specific signature verification (HMAC)
• Event classification and transformation
• Recommended flows and routing patterns
• Retry and dead-letter queue posture
• Operational visibility and observability

Packs accelerate initial setup while preserving full user control over endpoint configuration, target routing, and custom flows.

No. Provider Template Packs are optional and designed to accelerate setup. You can:

• Use a pack for faster onboarding with sensible defaults
• Create custom endpoints without using any pack
• Mix and match — use a pack for one provider and custom config for another

Packs do not remove user control. All endpoints, targets, and flows remain configurable regardless of whether you use a pack.

Yes. Zen Mesh supports custom signed webhooks through the base transform package which provides HMAC signature validation. You can configure custom header names and secrets for signature verification.

Provider Template Packs starting with Stripe, GitHub, Shopify, and Twilio include pre-built signature validation. Custom signed webhooks work with the same security model.

Zen Mesh has a free forever plan for development and evaluation. It includes:

• Free for development and evaluation
• 1 environment
• Community support

Pro and Enterprise plans with additional features are coming soon. Business and Enterprise plans are contact-us for enterprise requirements.

Yes! We offer a 6-month Pro trial for new accounts. This gives you access to advanced features like multi-environment support, team collaboration, and priority support.

No credit card required to start the trial.

Zen Mesh supports:

• Kubernetes — via our Helm chart (the intended path for teams moving beyond local evaluation)
• Docker — single container for local dev and Edge Lite
• Docker Compose — for local multi-component testing

Production use requires an applicable plan and approved operational, trust, and legal controls.

Typical latency overhead is under 10ms for the Zen Mesh delivery path. The data-plane connection is kept warm via persistent connections, avoiding connection setup latency on each delivery.

Your actual end-to-end latency depends on your provider's retry behavior and your target service's processing time.

Yes. Zen Mesh implements automatic retry with exponential backoff for failed deliveries. You can configure:

• Maximum retry attempts
• Backoff schedule
• Dead letter queue behavior

All retries are logged and visible in your dashboard.

Yes. You can run the full Zen Mesh stack on your own infrastructure. Contact enterprise@zen-mesh.io for on-premise deployment options and pricing.

Check these common issues:

1. Endpoint configuration — Verify your provider is sending to the correct Zen Mesh endpoint URL
2. Connection status — Check that zen-egress is running and can reach the data plane
3. Logs — Review delivery logs in your dashboard for specific error messages
4. Target availability — Ensure your private service is reachable from zen-egress

Use the dashboard to:

• View delivery logs with timestamps and status codes
• See retry history for failed attempts
• Enable debug mode for scoped payload review (authorized users only)

For advanced debugging, check the zen-egress container logs directly.

You have several options:

• Documentation — docs.zen-mesh.io
• Community support — Email support@zen-mesh.io
• Enterprise — enterprise@zen-mesh.io for dedicated support