Webhooks
Receive events the moment they happen
Register an HTTPS endpoint, subscribe to the events you care about, verify the signature. That's all.
HMAC-SHA256 signed
Stripe-style timestamps block replays.
Exponential retry
We retry 8 times with exponential back-off. 50 consecutive failures auto-pause.
30-day replay
Recover from outages — re-deliver any event from the dashboard.
Delivery shape
Every delivery is a JSON POST with two headers: X-VIA-Signature and X-VIA-Event.
delivery.http
POST /hooks/via HTTP/1.1
Host: example.com
Content-Type: application/json
X-VIA-Event: order.delivered
X-VIA-Signature: t=1745000000,v1=a3f7c91e…
X-VIA-Delivery-Id: dlv_01HT…
{
"id": "evt_01HT…",
"type": "order.delivered",
"created_at": "2026-04-17T10:23:44Z",
"data": {
"order_id": "ord_01H9F…",
"delivered_at": "2026-04-17T10:23:40Z"
}
}Verify the signature
Signature = HMAC_SHA256(secret, `${timestamp}.${raw_body}`). The raw body is load-bearing — do not re-serialize.
verify.py
from via import verify_signature
sig = request.headers["X-VIA-Signature"]
if not verify_signature(request.get_data(), sig, WEBHOOK_SECRET):
abort(400)Event catalogue
28 event types across 10 groups. Click any row to see a sample payload.