Skip to main content

Webhook Integration

Webhooks let the Connect API notify your systems about events as they happen — for example, when an attendee joins an event or a ticket is successfully issued. Instead of polling our API on a schedule, you expose an HTTPS endpoint that we POST to whenever something interesting occurs.

This section walks through everything you need to build a reliable webhook consumer:

  • Consuming Webhooks — Register an endpoint, subscribe to events, and understand what payloads look like when they arrive.
  • Why Verify Webhooks — The security reasons every webhook endpoint on the public internet should verify incoming requests.
  • Verifying Webhook Signatures — A language-agnostic walkthrough for validating the signature we send with each delivery.
  • Retries and Failure Handling — How we retry failed deliveries, what counts as a failure, and how to handle duplicates.
  • FAQ — Quick answers to the most common questions we get from integrators.

At a glance

  • Webhooks are delivered as HTTPS POST requests with a JSON body.
  • Each request is signed with an HMAC-SHA256 signature you can verify using a per-endpoint secret.
  • We retry failed deliveries with an exponential backoff over roughly 24 hours.
  • Supported event types are listed in the API reference and can be subscribed to per endpoint.

If you're starting from scratch, head to Consuming Webhooks.