Webhooks
Event-driven webhooks.
Event Types
record.createdrecord.updatedrecord.deletedapproval.createdapproval.resolvedworkflow.executedentity.changednotification.created
Signature Verification
Every request includes an x-scratchboard-signature header. Verify with HMAC-SHA256 before processing.
hash = HMAC-SHA256(secret, rawBody) sig = request.headers["x-scratchboard-signature"] if (!timingSafeEqual(hash, sig)) reject(401)
Retry Policy
Non-2xx responses trigger exponential retries. After 5 failures the webhook is paused.
| Attempt | Delay |
|---|---|
| #1 | 1 min |
| #2 | 5 min |
| #3 | 30 min |
| #4 | 2 hours |
| #5 | 24 hours |
Start receiving events
Register your first webhook endpoint in minutes.