PacSpace

Dashboard API

Webhook Configuration

Create, manage, and test webhook endpoints for real-time verification notifications.

Webhooks let you receive real-time notifications when verification events happen — records verified, errors encountered, and more. Configure endpoints here, and PacSpace will send HTTP POST requests to your server.

All routes require a valid JWT in the Authorization header:

bash
-H "Authorization: Bearer YOUR_JWT_TOKEN"

Base URL: https://balance-api.pacspace.io

Create a Webhook

Register a new webhook endpoint.

bash
curl -X POST https://balance-api.pacspace.io/dashboard/webhooks \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-app.com/webhooks/pacspace",
    "events": ["verification.completed", "verification.failed"],
    "description": "Production webhook"
  }'

Response 201 Created

json
{
  "statusCode": 201,
  "data": {
    "id": "wh_abc123",
    "url": "https://your-app.com/webhooks/pacspace",
    "events": ["verification.completed", "verification.failed"],
    "description": "Production webhook",
    "secret": "whsec_k7d9f2a1b3c4e5...",
    "active": true,
    "createdAt": "2025-06-01T12:00:00.000Z"
  }
}

Important: The secret is only returned at creation. Store it securely — you'll need it to verify incoming webhook signatures.

List Webhooks

Retrieve all configured webhook endpoints.

bash
curl https://balance-api.pacspace.io/dashboard/webhooks \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Response 200 OK

json
{
  "statusCode": 200,
  "data": [
    {
      "id": "wh_abc123",
      "url": "https://your-app.com/webhooks/pacspace",
      "events": ["verification.completed", "verification.failed"],
      "description": "Production webhook",
      "active": true,
      "createdAt": "2025-06-01T12:00:00.000Z"
    }
  ]
}

Get a Webhook

Retrieve details for a specific webhook.

bash
curl https://balance-api.pacspace.io/dashboard/webhooks/wh_abc123 \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Response 200 OK

json
{
  "statusCode": 200,
  "data": {
    "id": "wh_abc123",
    "url": "https://your-app.com/webhooks/pacspace",
    "events": ["verification.completed", "verification.failed"],
    "description": "Production webhook",
    "active": true,
    "createdAt": "2025-06-01T12:00:00.000Z",
    "lastTriggeredAt": "2025-06-10T15:22:00.000Z"
  }
}

Toggle a Webhook

Enable or disable a webhook without deleting it.

bash
curl -X POST https://balance-api.pacspace.io/dashboard/webhooks/wh_abc123/toggle \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Response 200 OK

json
{
  "statusCode": 200,
  "data": {
    "id": "wh_abc123",
    "active": false,
    "message": "Webhook has been disabled."
  }
}

Test a Webhook

Send a test event to your endpoint to verify it's configured correctly.

bash
curl -X POST https://balance-api.pacspace.io/dashboard/webhooks/wh_abc123/test \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Response 200 OK

json
{
  "statusCode": 200,
  "data": {
    "success": true,
    "httpStatus": 200,
    "message": "Test event sent successfully."
  }
}

Your endpoint will receive a payload like:

json
{
  "event": "test",
  "timestamp": "2025-06-10T15:30:00.000Z",
  "data": {
    "message": "This is a test webhook event from PacSpace."
  }
}

Delete a Webhook

Permanently remove a webhook endpoint.

bash
curl -X DELETE https://balance-api.pacspace.io/dashboard/webhooks/wh_abc123 \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Response 200 OK

json
{
  "statusCode": 200,
  "message": "Webhook deleted successfully."
}

Verifying Webhook Signatures

Every webhook request includes a signature header so you can verify it came from PacSpace.

bash
X-PacSpace-Signature: sha256=a1b2c3d4e5f6...

Verify it in your handler:

javascript
const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');

  return `sha256=${expected}` === signature;
}

// In your webhook handler
app.post('/webhooks/pacspace', (req, res) => {
  const signature = req.headers['x-pacspace-signature'];
  const isValid = verifyWebhookSignature(
    JSON.stringify(req.body),
    signature,
    process.env.PACSPACE_WEBHOOK_SECRET
  );

  if (!isValid) {
    return res.status(401).send('Invalid signature');
  }

  // Process the event
  console.log('Event:', req.body.event);
  res.status(200).send('OK');
});

Endpoints Summary

EndpointMethodDescription
/dashboard/webhooksPOSTCreate a new webhook
/dashboard/webhooksGETList all webhooks
/dashboard/webhooks/:idGETGet a specific webhook
/dashboard/webhooks/:id/togglePOSTEnable or disable
/dashboard/webhooks/:id/testPOSTSend a test event
/dashboard/webhooks/:idDELETEPermanently delete
Was this page helpful?

Last updated February 11, 2026

Previous

API Key Management

Next

Tenant Information