Webhooks
Webhook endpoints receive real-time HTTP callbacks when events occur in SpeyBooks. Each endpoint subscribes to specific event types and receives signed payloads for verification.
Security
Every endpoint has a signing secret (whsec_...) used to compute
an HMAC-SHA256 signature on each delivery payload. Verify the
X-SpeyBooks-Signature header against the payload to ensure
authenticity. Secrets can be rotated without downtime.
Events
Available event types:
invoice.created,invoice.sent,invoice.paid,invoice.cancelledpayment.received
Delivery
Deliveries are attempted with automatic retries on failure. The delivery log tracks each attempt including response status, duration, and success/failure state.
Limits
- Maximum 5 webhook endpoints per organisation
- Each endpoint must subscribe to at least one event
- URLs must be valid HTTPS endpoints (max 2048 characters)
Endpoints
GET
https://app.speybooks.com/api/v1/webhooks/List webhook endpointsPOSThttps://app.speybooks.com/api/v1/webhooks/Create webhook endpointPATCHhttps://app.speybooks.com/api/v1/webhooks/{id}Update webhook endpointDELETEhttps://app.speybooks.com/api/v1/webhooks/{id}Delete webhook endpointGEThttps://app.speybooks.com/api/v1/webhooks/{id}/deliveriesWebhook delivery logPOSThttps://app.speybooks.com/api/v1/webhooks/{id}/rotateRotate webhook signing secret