Webhooks
Real-time events, signed and retried.
Subscribe to any HeldSway event and receive a signed HTTPS POST within seconds. We retry with exponential backoff, sign every payload, and keep a 30-day replayable log so you never miss an event because your server was briefly down.
What HeldSway webhooks deliver.
Sub-second latency
Events fire within seconds of the originating action — no polling, no batch.
HMAC-SHA256 signing
Every payload is signed with your endpoint secret. Verify with a one-line check; reject anything that does not match.
Automatic retry with backoff
Failed deliveries retry over 24 hours with exponential backoff. We mark your endpoint as down only after sustained failures.
30-day replayable log
Every delivery (success or failure) is logged for 30 days. Replay any event from the dashboard or via API.
Per-endpoint event filters
Subscribe each endpoint to specific event types — your CRM gets signups; your finance system gets payouts; nothing extra.
IP allowlist published
All webhook traffic originates from a stable, published IP range so you can firewall-allow it cleanly.
How to connect
First webhook firing in five minutes.
- 01 Add an endpoint
  Dashboard → Webhooks → Add endpoint. Paste your HTTPS URL, pick events, and copy the signing secret.
- 02 Verify the signature
  In your handler, compute HMAC-SHA256 of `timestamp.body` with the secret and compare to the `HeldSway-Signature` header. Reject anything older than 5 minutes.
- 03 Replay a test event
  Use the dashboard's "Send test event" button to fire a sample payload. Watch the delivery succeed; inspect the JSON.
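One way to implement the check in step 02, as an added example that is not HeldSway's own code. It assumes the signature is hex-encoded and that the handler already holds the timestamp as a decimal Unix-seconds string along with the raw request body; the page specifies neither, and the function names and sample values are constructed.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # the page's rule: reject anything older than 5 minutes


def expected_signature(secret: bytes, timestamp: str, body: bytes) -> str:
    # HMAC-SHA256 over `timestamp.body`. Hex output is an assumption.
    signed = timestamp.encode("ascii") + b"." + body
    return hmac.new(secret, signed, hashlib.sha256).hexdigest()


def verify_webhook(secret, timestamp, body, signature, now=None):
    """Return (ok, reason). `body` must be the raw request bytes as received."""
    now = time.time() if now is None else now
    if not (timestamp.isascii() and timestamp.isdigit()):
        return False, "malformed timestamp"
    age = now - int(timestamp)
    if age > TOLERANCE_SECONDS:
        return False, "stale timestamp"
    if age < -TOLERANCE_SECONDS:  # extra check, not stated on the page
        return False, "timestamp in the future"
    expected = expected_signature(secret, timestamp, body)
    # Constant-time comparison avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected.encode(), signature.strip().lower().encode()):
        return False, "signature mismatch"
    return True, "ok"


def demo():
    # Constructed sample values, not real HeldSway data.
    secret = b"constructed-endpoint-secret"
    body = b'{"type":"payout.sent","id":"evt_constructed_1"}'
    ts = "1700000000"
    sig = expected_signature(secret, ts, body)
    reserialized = json.dumps(json.loads(body)).encode()  # whitespace changes
    return {
        "valid": verify_webhook(secret, ts, body, sig, now=1700000060),
        "replayed_late": verify_webhook(secret, ts, body, sig, now=1700000301),
        "tampered": verify_webhook(secret, ts, body.replace(b"sent", b"fail"), sig, now=1700000060),
        "reserialized": verify_webhook(secret, ts, reserialized, sig, now=1700000060),
        "wrong_secret": verify_webhook(b"other", ts, body, sig, now=1700000060),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The `reserialized` case fails because parsing and re-dumping the JSON changes the bytes, so verify against the body exactly as it arrived, before any framework parses it.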
Event types
- affiliate.created
- affiliate.updated
- conversion.created
- conversion.refunded
- commission.accrued
- commission.reversed
- payout.scheduled
- payout.sent
- payout.failed
- fraud.flagged
- plan.upgraded
Push HeldSway events to anywhere with a URL.
Free trial includes webhook endpoints on every plan from Basic up. Five-minute setup.
