Webhooks
Webhook endpoints receive real-time HTTP callbacks when events occur in SpeyBooks. Each endpoint subscribes to specific event types and receives signed payloads for verification.
Security
Every endpoint has a signing secret (whsec_...) used to compute an HMAC-SHA256 signature on each delivery payload. Verify the X-SpeyBooks-Signature header against the payload to ensure authenticity. Secrets can be rotated without downtime.
Events
Available event types:
invoice.created,invoice.sent,invoice.paid,invoice.overdue,invoice.cancelledquote.created,quote.accepted,quote.rejectedcontact.created,contact.updatedtransaction.created,transaction.postedpayment.received
Delivery
Deliveries are attempted with automatic retries on failure. The delivery log tracks each attempt including response status, duration, and success/failure state.
Limits
- Maximum 5 webhook endpoints per organisation
- Each endpoint must subscribe to at least one event
- URLs must be valid HTTPS endpoints (max 2048 characters)
Endpoints
GET
https://app.speybooks.com/api/v1/webhook-endpoints/ List webhook endpoints POST https://app.speybooks.com/api/v1/webhook-endpoints/ Create webhook endpoint PATCH https://app.speybooks.com/api/v1/webhook-endpoints/{id} Update webhook endpoint DELETE https://app.speybooks.com/api/v1/webhook-endpoints/{id} Delete webhook endpoint GET https://app.speybooks.com/api/v1/webhook-endpoints/{id}/deliveries Webhook delivery log POST https://app.speybooks.com/api/v1/webhook-endpoints/{id}/rotate Rotate webhook signing secret