Skip to main content

Webhooks (outbound)

GET /v1/webhooks

Get current webhook config.

PUT /v1/webhooks

Create/update webhook config. Body
{
  "url": "https://example.com/webhooks",
  "enabled": true,
  "events": [
    "order.created",
    "order.ticketed",
    "order.failed",
    "refund.created",
    "wallet.updated"
  ],
  "rotateSecret": false
}
Response
{
  "webhook": {
    "url": "...",
    "enabled": true,
    "events": [...],
    "secret": "base64-...",
    "updatedAt": "..."
  }
}

Delivery format

{
  "id": "uuid",
  "type": "order.ticketed",
  "created_at": "2026-02-20T16:25:51.293Z",
  "data": { ... }
}

Signature verification

Each delivery includes:
  • x-webhook-id
  • x-webhook-event
  • x-webhook-timestamp
  • x-webhook-signature
Signature is:
HMAC_SHA256(secret, `${timestamp}.${payload}`)