Stream visitor, screening, adjudication, and audit-related events into your systems when outbound webhooks are enabled for your environment.
Outbound webhooks are a configured feature. Once enabled for your tenant, configure one or more endpoints for the event types below.
Deliveries move through pending, delivering, delivered, and failed states. Retries are controlled by max_retries on each endpoint. If outbound webhooks are not enabled, endpoint management is unavailable and events are not delivered.
Validate X-Spusa-Signature and X-Spusa-Timestamp before processing webhook payloads.
Each delivery includes event type, organization id, and a data object with event payload details.
Manage endpoint registration, status, and secret rotation through admin webhook routes after SecurePoint enables outbound delivery for the tenant.
const body = await request.text();
const signature = request.headers.get('X-Spusa-Signature');
const timestamp = request.headers.get('X-Spusa-Timestamp');
const payloadToSign = `${timestamp}.${body}`;
// Compute expected HMAC-SHA256 and compare using timing-safe checks
For production, keep webhook secrets in server-side secret storage and reject stale timestamps.
We can provide event catalogs, payload samples, and testing guidance for your systems.
Talk to the team