← Back to Docs
Webhooks
Receive real-time HTTP callbacks for notification events.
Events
| Event | Triggered When |
|---|---|
| notification.delivered | Push notification successfully delivered via APNs |
| notification.failed | Push notification delivery failed |
Payload
{
"event": "notification.delivered",
"data": {
"notificationId": "clx...",
"deviceToken": "a1b2c3...",
"deliveredAt": "2026-02-15T12:05:01.234Z"
},
"timestamp": "2026-02-15T12:05:01.500Z",
"webhookId": "clx..."
}Headers
| Header | Description |
|---|---|
| Content-Type | application/json |
| X-Webhook-Event | Event name |
| X-Webhook-ID | Webhook ID |
| X-Webhook-Signature | HMAC-SHA256 signature (if secret is set) |
Signature Verification
If your webhook has a secret, verify the HMAC-SHA256 signature to ensure the payload is authentic:
const crypto = require('crypto');
function verifyWebhook(body, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(body)
.digest('hex');
return `sha256=${expected}` === signature;
}
// In your webhook handler:
const isValid = verifyWebhook(
req.body,
req.headers['x-webhook-signature'],
'your_webhook_secret'
);Retry Policy
Failed deliveries are retried up to 5 times with exponential backoff (10s, 20s, 40s, 80s, 160s). A delivery is considered failed if your endpoint returns a non-2xx status or doesn't respond within 10 seconds.