PlatformXeDocs
Get API Key

Webhooks Overview

Outbound webhook delivery with exponential retry, HMAC signatures, and dead-letter queue.

The PlatformXe Webhooks Service delivers event notifications to your application via HTTP callbacks. When an event occurs in PlatformXe (email sent, file uploaded, permission changed), a signed payload is sent to your configured endpoint.

How it works

  1. You register a webhook URL and select which event types to subscribe to.
  2. When a matching event fires, PlatformXe sends an HTTP POST to your URL with a signed JSON payload.
  3. Your endpoint returns a 2xx status to acknowledge receipt.
  4. If delivery fails, PlatformXe retries with exponential backoff.
  5. After all retry attempts are exhausted, the payload moves to a dead-letter queue for manual inspection.

Key features

  • Event-based subscriptions -- subscribe to specific event types, not all-or-nothing
  • HMAC-SHA256 signatures -- every payload is signed so you can verify authenticity
  • Exponential retry -- failed deliveries are retried up to 8 times with increasing delays
  • Dead-letter queue -- undeliverable payloads are captured for manual replay
  • Replay protection -- timestamp headers prevent replay attacks
  • Secret auto-generation -- webhook signing secrets are generated automatically on creation

Retry schedule

AttemptDelay
1Immediate
230 seconds
32 minutes
410 minutes
530 minutes
61 hour
74 hours
812 hours

After the 8th failed attempt, the payload moves to the dead-letter queue.

Your endpoint must respond within 10 seconds with a 2xx status code. Timeouts and non-2xx responses are treated as failures and trigger a retry.

API scope

All webhook management endpoints require the webhooks:manage scope on your API key.

Endpoints

MethodPathDescription
GET/api/v1/webhooksList all webhooks
POST/api/v1/webhooksCreate a webhook
PATCH/api/v1/webhooks/:idUpdate a webhook
DELETE/api/v1/webhooks/:idDelete a webhook

Next steps