Webhooks (outbound)

GET /v1/webhooks

Get current webhook config.

PUT /v1/webhooks

Create/update webhook config. Body

{
  "url": "https://example.com/webhooks",
  "enabled": true,
  "events": [
    "order.created",
    "order.ticketed",
    "order.failed",
    "refund.created",
    "wallet.updated"
  ],
  "rotateSecret": false
}

Response

{
  "webhook": {
    "url": "...",
    "enabled": true,
    "events": [...],
    "secret": "base64-...",
    "updatedAt": "..."
  }
}

Delivery format

{
  "id": "uuid",
  "type": "order.ticketed",
  "created_at": "2026-02-20T16:25:51.293Z",
  "data": { ... }
}

Signature verification

Each delivery includes:

x-webhook-id
x-webhook-event
x-webhook-timestamp
x-webhook-signature

Signature is:

HMAC_SHA256(secret, `${timestamp}.${payload}`)

Overview

API reference

Webhooks

Webhooks (outbound)

GET /v1/webhooks

PUT /v1/webhooks

Delivery format

Signature verification

Overview

API reference

​Webhooks (outbound)

​GET /v1/webhooks

​PUT /v1/webhooks

​Delivery format

​Signature verification

Webhooks (outbound)

GET /v1/webhooks

PUT /v1/webhooks

Delivery format

Signature verification