Webhooks API
Receive real-time notifications when events occur in ScendCore. Subscribe a URL to specific events, and ScendCore will POST to it whenever those events fire.
Subscribe to Events
POST /api/v1/webhooks/subscribeScope: webhooks:write
Request Body
{
"url": "https://your-app.com/webhooks/scendcore",
"events": ["contact.created", "opportunity.updated", "meeting.booked"],
"secret": "your-webhook-secret"
}| Field | Required | Description |
|---|---|---|
url | Yes | HTTPS URL to receive webhook events |
events | Yes | Array of event types to subscribe to |
secret | No | HMAC-SHA256 signing secret for verifying payloads |
Response (201)
{
"subscription": {
"id": "uuid",
"url": "https://your-app.com/webhooks/scendcore",
"events": ["contact.created", "opportunity.updated", "meeting.booked"],
"is_active": true
}
}List Subscriptions
GET /api/v1/webhooks/subscribeScope: webhooks:write
Response
{
"subscriptions": [
{
"id": "uuid",
"url": "https://...",
"events": ["contact.created"],
"is_active": true,
"failure_count": 0,
"last_triggered_at": "2026-03-26T10:00:00Z"
}
],
"available_events": ["contact.created", "contact.updated", ...]
}Available Events
| Event | Fires When |
|---|---|
contact.created | A new contact is created |
contact.updated | A contact is updated |
opportunity.created | A new opportunity is created |
opportunity.updated | An opportunity is updated |
opportunity.stage_changed | An opportunity changes stage |
meeting.booked | A meeting is booked |
meeting.cancelled | A meeting is cancelled |
meeting.no_show | A meeting is marked as no-show |
sequence.enrolled | A contact is enrolled in a sequence |
sequence.completed | A contact completes a sequence |
sequence.unenrolled | A contact is removed from a sequence |
conversation.created | A new conversation starts |
conversation.override | A human takes over a conversation |
call.completed | A voice call ends |
call.quality_scored | A call’s quality score is calculated |
Webhook Payload
{
"event": "contact.created",
"timestamp": "2026-03-26T10:00:00Z",
"tenant_id": "uuid",
"data": {
"contact_id": "uuid",
"email": "john@acme.com",
"name": "John Smith",
"company": "Acme Corp"
}
}Verifying Signatures
If you provided a secret when subscribing, ScendCore signs every payload using HMAC-SHA256.
The signature is in the X-ScendCore-Signature header:
X-ScendCore-Signature: sha256=abcdef123456...Verification (Node.js)
const crypto = require('crypto');
function verifySignature(body, signature, secret) {
const expected = 'sha256=' + crypto
.createHmac('sha256', secret)
.update(body)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}Reliability
- Webhooks are delivered with a 10-second timeout
- Failed deliveries increment a failure counter
- After 10 consecutive failures, the subscription is automatically disabled
- Check
failure_countvia GET /webhooks/subscribe to monitor health - Maximum 10 active subscriptions per tenant
Last updated on