Documentation Index
Fetch the complete documentation index at: https://docs.secapi.ai/llms.txt
Use this file to discover all available pages before exploring further.
Webhook Delivery SLA
SEC API guarantees 99.9% webhook delivery for all configured endpoints.
Delivery Guarantee
| Metric | Target |
|---|
| Delivery rate | 99.9% |
| First attempt latency | < 5 seconds from event |
| Retry window | 72 hours |
| Max retry attempts | 8 (exponential backoff) |
| Payload signing | HMAC-SHA256 on every delivery |
Retry Policy
Failed deliveries are retried with exponential backoff:
| Attempt | Delay |
|---|
| 1 | Immediate |
| 2 | 30 seconds |
| 3 | 2 minutes |
| 4 | 10 minutes |
| 5 | 1 hour |
| 6 | 4 hours |
| 7 | 12 hours |
| 8 | 24 hours |
failed and can be manually replayed.
Signed Payloads
Every webhook delivery includes an secapi-signature header with an HMAC-SHA256 signature. Verify the signature to ensure the payload is authentic:
import { createHmac, timingSafeEqual } from "crypto"
function verifyWebhookSignature(payload: string, signature: string, secret: string): boolean {
const expected = createHmac("sha256", secret).update(payload).digest("hex")
if (signature.length !== expected.length) return false
return timingSafeEqual(Buffer.from(signature), Buffer.from(expected))
}
Event Types
| Event | Description | Trigger |
|---|
filing.published | New SEC filing detected | RSS poller detects new filing |
enforcement.published | New enforcement action | Daily enforcement sync |
monitor.match | Saved search has new matches | Monitor evaluation cycle |
billing.budget.threshold | Budget threshold crossed | 75%, 90%, 95%, 100% of spend cap |
Delivery Audit
Every delivery attempt is logged and queryable:
# List recent deliveries
curl "https://api.secapi.ai/v1/webhook_endpoints/{id}/deliveries?limit=10" \
-H "x-api-key: $SECAPI_API_KEY"
# Replay a failed delivery
curl -X POST "https://api.secapi.ai/v1/webhook_endpoints/{id}/deliveries/{delivery_id}/replay" \
-H "x-api-key: $SECAPI_API_KEY"
Monitoring
Track webhook health from the delivery history endpoint. Store delivery IDs and request IDs so failed events can be replayed without guessing which payload failed.
Secret Rotation
Rotate your webhook signing secret without downtime:
curl -X POST "https://api.secapi.ai/v1/webhook_endpoints/{id}/rotate_secret" \
-H "x-api-key: $SECAPI_API_KEY"