How It Works
1
Register an endpoint
Add an HTTPS URL in the Paxos Labs Console under your organization’s Webhooks tab. You receive a signing secret on creation — store it securely.
2
Subscribe to events
Choose which event types your endpoint should receive. You can subscribe to all available events or select specific ones.
3
Receive and verify
When an event fires, Paxos Labs sends a signed
POST request to your endpoint. Your server verifies the HMAC signature, then processes the payload.Quick Links
Quick Start
Register an endpoint, subscribe to events, and handle your first webhook in minutes.
Signature Verification
Verify webhook authenticity with HMAC-SHA256 signatures. Includes code samples in Node.js, Python, and Go.
Event Catalog
Complete reference of all webhook event types with payload schemas and examples.
Key Concepts
Security Model
Every webhook request is signed with your endpoint’s unique secret using HMAC-SHA256. Two headers accompany each request:
Your server should always verify the signature before processing a webhook. This prevents forgery and replay attacks.