accountis the name (subdomain) of the account generating the webhook - useful in case you're pointing webhooks from various accounts at the same endpoint;
stateis a string representation of the run state at the time of the notification being triggered;
stateVersionis the ordinal number of the state, which can be used to ensure that notifications that may be sent or received out-of-order are correctly processed;
timestampis the unix timestamp of the state transition;
runcontains information about the run, its associated commit and delta (if any);
X-Signatureheader contains the SHA1 hash of the payload, while
X-Signature-256contains the SHA256 hash. We're using the exact same mechanism as GitHub to generate signatures, please refer to this article for details.