Skip to main content
Webhooks allow you to receive real-time notifications when events occur in your tenant.

Setting Up Webhooks

  1. Create Webhook Endpoint
curl -X POST https://cp.gosentrix.io/api/v1/tenants/{tenant_id}/webhooks \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -d '{
    "url": "https://example.com/webhook",
    "events": ["user.created", "user.updated"],
    "secret": "your-webhook-secret"
  }'
  1. Verify Webhook Signature
Webhooks include an HMAC signature in the X-Webhook-Signature header: 
const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const hmac = crypto.createHmac('sha256', secret);
  const digest = hmac.update(payload).digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(digest)
  );
}
  1. Handle Events
Process incoming webhook events and respond with 200 OK within 5 seconds.

Webhook Events

See Webhook Events Reference for available events.

Retries

Failed webhook deliveries are automatically retried. See Webhook Retries for details.

Security

  • Always verify webhook signatures
  • Use HTTPS for webhook URLs
  • Rotate webhook secrets regularly
  • Validate event payloads