Webhook Events Reference
invoice.created, service.provisioned, service.suspended
What it is
Outgoing webhooks send HTTP POST requests to your URL when events occur. Each payload includes event, data, and timestamp. Verify the request using the X-Webhook-Signature header (HMAC-SHA256 of raw body with your webhook secret).
Payload format
{
"event": "invoice.paid",
"data": {
"invoice_id": 123,
"uuid": "abc-123",
"amount": 29.99
},
"timestamp": "2024-01-15T10:30:00+00:00"
}Available events
| Event | When triggered | Data fields |
|---|---|---|
invoice.created | New invoice created via API | invoice_id, uuid |
invoice.paid | Invoice marked as paid | invoice_id, uuid, amount |
service.created | New service created via API | service_id, uuid |
service.provisioned | Service provisioned (hosting account created) | service_id, uuid |
service.suspended | Service suspended | service_id, uuid |
Signature verification
Header: X-Webhook-Signature. Value is hash_hmac('sha256', $rawBody, $secret). Compare with constant-time comparison (hash_equals).
Creating webhooks
Use POST /api/v1/webhooks with {"name":"My Webhook","url":"https://...","events":["invoice.paid","service.provisioned"]}. The response includes secret—store it securely; it is not shown again.
Was this helpful?