Webhook Configuration
Create, manage, and test webhook endpoints for real-time verification notifications.
Use these routes to manage webhook endpoints and inspect delivery history.
Protected routes require a valid dashboard session cookie (-b pacspace-dashboard-cookies.txt).
Base URL: https://app.pacspace.io
POST https://app.pacspace.io/dashboard/webhooks
Create a Webhook
Register a new destination URL for event delivery.
curl -X POST https://app.pacspace.io/dashboard/webhooks \
-b pacspace-dashboard-cookies.txt \
-H "Content-Type: application/json" \
-d '{
"url": "https://your-app.com/webhooks/pacspace",
"description": "Production webhook"
}'
Response 201 Created
{
"success": true,
"data": {
"id": "webhook_cmh2xyz3e50005l801abc123",
"url": "https://your-app.com/webhooks/pacspace",
"secret": "whsec_abc123def456xyz789",
"enabled": true,
"createdAt": "2026-04-10T12:00:00.000Z"
},
"message": "Webhook created successfully. Save your secret securely - it won't be shown again."
}
Important: The
secretis only returned at creation. Store it securely - you'll need it to verify incoming webhook signatures.
List Webhooks
Retrieve webhook endpoints for your tenant.
curl https://app.pacspace.io/dashboard/webhooks \
-b pacspace-dashboard-cookies.txt
Response 200 OK
{
"success": true,
"data": {
"webhooks": [
{
"id": "webhook_cmh2xyz3e50005l801abc123",
"url": "https://your-app.com/webhooks/pacspace",
"enabled": true,
"createdAt": "2026-04-10T12:00:00.000Z",
"lastTriggered": "2026-04-10T12:20:00.000Z",
"successCount": 18,
"failureCount": 1
}
],
"pagination": {
"page": 1,
"limit": 10,
"total": 1,
"totalPages": 1
}
}
}
Get a Webhook
Retrieve details for a specific webhook.
curl https://app.pacspace.io/dashboard/webhooks/wh_abc123 \
-b pacspace-dashboard-cookies.txt
Response 200 OK
{
"success": true,
"data": {
"id": "webhook_cmh2xyz3e50005l801abc123",
"url": "https://your-app.com/webhooks/pacspace",
"enabled": true,
"createdAt": "2026-04-10T12:00:00.000Z",
"lastTriggered": "2026-04-10T12:20:00.000Z"
}
}
Webhook endpoints currently receive the public event set. Common events include
delta.verified,delta.failed,checkpoint.verified, andreceipt.generated.
Toggle a Webhook
Enable or disable a webhook without deleting it.
curl -X POST https://app.pacspace.io/dashboard/webhooks/wh_abc123/toggle \
-b pacspace-dashboard-cookies.txt
Response 200 OK
{
"success": true,
"data": {
"id": "webhook_cmh2xyz3e50005l801abc123",
"enabled": false
}
}
Test a Webhook
Send a test event to your endpoint to verify it's configured correctly.
curl -X POST https://app.pacspace.io/dashboard/webhooks/wh_abc123/test \
-b pacspace-dashboard-cookies.txt
Response 200 OK
{
"success": true,
"data": {
"success": true,
"httpStatus": 200,
"message": "Test event sent successfully."
}
}
Your endpoint will receive a payload like:
{
"event": "test",
"timestamp": "2025-06-10T15:30:00.000Z",
"data": {
"message": "This is a test webhook event from PacSpace."
}
}
Delete a Webhook
Permanently remove a webhook endpoint.
curl -X DELETE https://app.pacspace.io/dashboard/webhooks/wh_abc123 \
-b pacspace-dashboard-cookies.txt
Response 200 OK
{
"success": true,
"message": "Webhook deleted successfully."
}
Delivery History
List Deliveries
Inspect delivery attempts across all events.
curl "https://app.pacspace.io/dashboard/webhooks/deliveries?status=failed&limit=20&offset=0" \
-b pacspace-dashboard-cookies.txt
Supported filters:
status:pending,delivered,failedstartDate,endDate:YYYY-MM-DDsortBy:createdAt,deliveredAt,attemptssortOrder:asc,desclimit,offset
Export Deliveries (CSV)
curl "https://app.pacspace.io/dashboard/webhooks/deliveries/export?status=failed&startDate=2026-04-01&endDate=2026-04-10" \
-b pacspace-dashboard-cookies.txt \
-o webhook-deliveries.csv
Retry Failed Delivery
curl -X POST https://app.pacspace.io/dashboard/webhooks/deliveries/evt_123/retry \
-b pacspace-dashboard-cookies.txt
Only failed deliveries can be retried.
Verifying Webhook Signatures
Every webhook request includes signature headers so you can verify it came from PacSpace.
X-PacSpace-Signature: v1=a1b2c3d4e5f6...
X-PacSpace-Timestamp: 1739270400
Verify it in your handler:
const crypto = require('crypto');
function verifyWebhookSignature(rawBody, signature, timestamp, secret) {
const signedContent = `${timestamp}.${rawBody}`;
const expected = 'v1=' + crypto
.createHmac('sha256', secret)
.update(signedContent)
.digest('hex');
return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
}
// In your webhook handler
app.post('/webhooks/pacspace', (req, res) => {
const signature = req.headers['x-pacspace-signature'];
const timestamp = req.headers['x-pacspace-timestamp'];
const isValid = verifyWebhookSignature(
req.rawBody,
signature,
timestamp,
process.env.PACSPACE_WEBHOOK_SECRET
);
if (!isValid) {
return res.status(401).send('Invalid signature');
}
// Process the event
console.log('Event:', req.body.event);
res.status(200).send('OK');
});
Endpoints Summary
| Endpoint | Method | Description |
|---|---|---|
/dashboard/webhooks | POST | Create a new webhook |
/dashboard/webhooks | GET | List all webhooks |
/dashboard/webhooks/deliveries | GET | List delivery history |
/dashboard/webhooks/deliveries/export | GET | Export delivery history as CSV |
/dashboard/webhooks/deliveries/:eventId/retry | POST | Retry failed delivery |
/dashboard/webhooks/:id | GET | Get a specific webhook |
/dashboard/webhooks/:id/toggle | POST | Enable or disable |
/dashboard/webhooks/:id/test | POST | Send a test event |
/dashboard/webhooks/:id | DELETE | Permanently delete |