Webhooks
Register HTTPS endpoints to receive events. Manage them with POST/GET /v1/webhooks and
PATCH/DELETE /v1/webhooks/{id}, inspect deliveries with GET /v1/webhooks/{id}/deliveries,
and re-fire a delivery with POST /v1/webhooks/{id}/deliveries/{delivery_id}/replay.
Payload & signature
Each delivery is POSTed as JSON { "event", "timestamp", "data" } with headers:
| Header | Meaning |
|---|---|
| X-Wapower-Event | the event type |
| X-Wapower-Delivery-Id | unique per delivery — dedupe on this (at-least-once) |
| X-Wapower-Signature | HMAC-SHA256 of the exact request body, keyed by your endpoint secret |
Verify the signature by recomputing HMAC-SHA256 over the raw body with your secret and
comparing in constant time. Failed deliveries retry with backoff until max_attempts.
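A receiver that performs the verification and dedupe steps described above, added here as an example and not taken from the service's own code. It assumes the signature header carries a lowercase hex digest (the encoding is not stated above) and keeps seen delivery IDs in an in-memory set; the secret, body and delivery ID are constructed sample values.

```python
import hashlib
import hmac
import json

# Constructed sample values, not taken from the service.
SAMPLE_SECRET = b"constructed-endpoint-secret"
SAMPLE_BODY = b'{"event":"message.sent","timestamp":"2024-01-01T00:00:00Z","data":{"id":"m1"}}'


def sign(secret: bytes, raw_body: bytes) -> str:
    """HMAC-SHA256 over the exact body bytes (hex output is an assumption)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def handle_delivery(secret: bytes, headers: dict, raw_body: bytes, seen_ids: set):
    """Return (status, payload); status is bad_signature, duplicate or accepted."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    received = h.get("x-wapower-signature", "").strip().lower()
    expected = sign(secret, raw_body)
    # Constant-time comparison; bytes operands avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return "bad_signature", None
    # Dedupe only after authentication, so unauthenticated requests cannot
    # fill the seen-id store. Delivery is at-least-once, so repeats are normal.
    delivery_id = h.get("x-wapower-delivery-id", "")
    if delivery_id in seen_ids:
        return "duplicate", None
    seen_ids.add(delivery_id)
    # Parse only after the signature check, and never re-serialise before it:
    # json.dumps(json.loads(body)) can change whitespace and break the HMAC.
    return "accepted", json.loads(raw_body)


def demo() -> list:
    seen = set()
    headers = {
        "X-Wapower-Event": "message.sent",
        "X-Wapower-Delivery-Id": "dlv_constructed_1",
        "X-Wapower-Signature": sign(SAMPLE_SECRET, SAMPLE_BODY),
    }
    first = handle_delivery(SAMPLE_SECRET, headers, SAMPLE_BODY, seen)[0]
    retry = handle_delivery(SAMPLE_SECRET, headers, SAMPLE_BODY, seen)[0]
    tampered = handle_delivery(SAMPLE_SECRET, headers, SAMPLE_BODY + b" ", seen)[0]
    return [first, retry, tampered]


if __name__ == "__main__":
    print(demo())
```

In a real receiver, pass the request body bytes exactly as read from the socket, and back the seen-ID set with a shared store so retries are recognised across workers and restarts.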
Events
message.sent, message.blocked_by_protection, session.status, session.banned,
session.warmup.disabled, warmup.stage.advanced, protection.state.changed,
session.risk.alert. Subscribe to specific types or *.