Webhook lifecycle
- Create an org-scoped webhook endpoint with
POST /v1/webhook_endpoints - Store the returned
signingSecretat creation time or after a secret rotation - Verify inbound signatures using the raw request body plus
x-secapi-signature-timestamp - Use
POST /v1/webhook_endpoints/{webhook_id}/rotate_secretwhen a secret is exposed or stale - Inspect recent attempts with
GET /v1/webhook_endpoints/{webhook_id}/deliveries - Replay a failed attempt with
POST /v1/webhook_endpoints/{webhook_id}/deliveries/{delivery_id}/replay
Stream lifecycle
- Create a stream subscription with
POST /v1/stream_subscriptions - Subscribe to the smallest event set that supports the workflow
- Track the returned
cursorandlastEventAtfields for replay and polling - Use
GET /v1/delivery/eventsfor cross-surface delivery history andGET /v1/stream_subscriptions/{stream_id}/eventsfor subscription-specific polling
Event types
UseGET /v1/event_types?status=public_emitting as the source of truth for event names, producer status, replay support, retention, and billing family. Reserved event types are intentionally excluded from this public filter until their producers are shipping.
Example CLI usage
delivery_events. Customer monitor email notifications are billed through the separate email_notifications meter.
