API Reference

Integrations

Zapier and outbound webhooks

SecurePoint USA delivers signed JSON to any HTTPS URL. Zapier's Webhooks by Zapier Catch Hook provides that URL—paste it when you create a webhook endpoint in API & Integrations.

Setup (high level)

  1. In Zapier, create a Zap with trigger Catch Hook (or equivalent). Copy the webhook URL Zapier shows.
  2. In SecurePoint USA, open Admin → API & Integrations, add New webhook endpoint, paste the URL, and select event types.
  3. Copy the signing secret once and store it in your password manager. Zapier does not need the secret for the trigger to fire; use it if you add a verification step (see below).
  4. Turn the Zap on. Trigger a test event in SecurePoint (e.g. check-in or screening decision) and confirm the Zap receives the payload.

Payload shape

Each delivery is a JSON object: id, event_type, organization_id, created_at, and data (event-specific fields; keep mappings to IDs and non-sensitive labels where possible).

Signature headers

Requests include X-Spusa-Signature, X-Spusa-Timestamp, and X-Spusa-Event. Verification details match the API Reference outbound webhooks section. Optional: add a Zapier Code step to validate HMAC using your stored secret.

Production: outbound webhooks require the FEATURE_WEBHOOKS_OUTBOUND flag and cron delivery job to be enabled in your environment.