API Reference
Webhooks API
Receive real-time event notifications from your account.
Webhooks push events to a URL you configure. Use them to keep external systems in sync with state changes in your account — new users, payment events, subscription changes, and more.
Authentication
Signing requests
Every webhook request includes an X-Signature header containing an HMAC-SHA256 of the raw request body, keyed by your webhook secret. Verify this signature before processing any event.
import hmac, hashlib
def verify(body: bytes, signature: str, secret: str) -> bool:
expected = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
return hmac.compare_digest(expected, signature)
Event types
Supported events
| Event | Since | Retries | Status |
|---|---|---|---|
| user.created | v1.0 | 3 | GA |
| user.deleted | v1.0 | 3 | GA |
| invoice.paid | v1.2 | 5 | GA |
| invoice.failed | v1.2 | 5 | GA |
| subscription.upgraded | v2.0 | 3 | GA |
| subscription.canceled | v2.0 | 3 | GA |
| trial.ending | v2.4 | 1 | Beta |
Examples
Integration snippets
app.post('/webhook', (req, res) => {
if (!verify(req.rawBody, req.headers['x-signature'], SECRET)) {
return res.status(401).end();
}
const event = req.body;
handlers[event.type]?.(event.data);
res.status(200).end();
});
@app.route('/webhook', methods=['POST'])
def webhook():
if not verify(request.data, request.headers['X-Signature'], SECRET):
return '', 401
event = request.json
handlers.get(event['type'], noop)(event['data'])
return '', 200
func webhookHandler(w http.ResponseWriter, r *http.Request) {
body, _ := io.ReadAll(r.Body)
if !verify(body, r.Header.Get("X-Signature"), secret) {
http.Error(w, "unauthorized", http.StatusUnauthorized)
return
}
var event Event
json.Unmarshal(body, &event)
handle(event)
w.WriteHeader(http.StatusOK)
}
Idempotency
Deliveries may retry on failure. Use the event.id field as an idempotency key — we guarantee it's unique across all deliveries of the same event.
Next up
Other example pages — KBs, decks, landing pages, meeting briefs, API references, dashboards from live data.