Skip to content
Certyn

Webhooks API

Register outgoing webhooks, inspect deliveries, and verify signatures.

Certyn supports outgoing webhooks: event notifications that Certyn POSTs to your endpoint.

List event types

GET/api/webhooks/event-typesBearer Token

List webhooks

GET/api/webhooksBearer Token

Query:

  • projectId (optional)
  • includeGlobal (optional, default true)
  • page, pageSize

Register webhook

POST/api/webhooksBearer Token

Delete webhook

DELETE/api/webhooks/{id}Bearer Token

Rotate secret

POST/api/webhooks/{id}/secret/rotateBearer Token

Test webhook

POST/api/webhooks/{id}/testBearer Token

Deliveries

GET/api/webhooks/{id}/deliveriesBearer Token
GET/api/webhooks/{id}/deliveries/{deliveryId}Bearer Token
POST/api/webhooks/{id}/deliveries/{deliveryId}/retryBearer Token

Signature verification

Webhook deliveries include:

  • X-Certyn-Timestamp (ISO-8601)
  • X-Certyn-Signature in the form sha256=<hex>

The signature is an HMAC-SHA256 over:

<timestamp>.<raw_json_body>

Use your webhook secret (webhook-level secret, or tenant signing secret if configured) as the HMAC key.

PreviousObservations APINextAPI Keys API