SecurePoint USA
SecurePoint USAEnterprise Compliance
Book Demo
Back to Documentation

Webhooks and Notifications

Stream visitor, screening, adjudication, and audit-related events into your systems when outbound webhooks are enabled for your environment.

Event Coverage

Outbound webhooks are a configured feature. Once enabled for your tenant, configure one or more endpoints for the event types below.

  • visitor.checkin
  • visitor.checkout
  • visitor.approved
  • visitor.denied
  • screening.decision
  • screening.completed
  • screening.escalated
  • adjudication.disposition_changed
  • evidence.ready
  • session.under_review
  • badge.printed

Delivery Lifecycle

Deliveries move through pending, delivering, delivered, and failed states. Retries are controlled by max_retries on each endpoint. If outbound webhooks are not enabled, endpoint management is unavailable and events are not delivered.

Signed Payloads

Validate X-Spusa-Signature and X-Spusa-Timestamp before processing webhook payloads.

Structured Event Body

Each delivery includes event type, organization id, and a data object with event payload details.

Endpoint Operations

Manage endpoint registration, status, and secret rotation through admin webhook routes after SecurePoint enables outbound delivery for the tenant.

Verification Example

const body = await request.text();
const signature = request.headers.get('X-Spusa-Signature');
const timestamp = request.headers.get('X-Spusa-Timestamp');
const payloadToSign = `${timestamp}.${body}`;

// Compute expected HMAC-SHA256 and compare using timing-safe checks

For production, keep webhook secrets in server-side secret storage and reject stale timestamps.

Need help wiring an integration?

We can provide event catalogs, payload samples, and testing guidance for your systems.

Talk to the team
Webhooks and Notifications - SecurePoint USA