Skip to content
inSigner Docs

Webhooks Overview

Webhooks let your application receive real-time HTTP notifications when events occur in inSigner — like a document being signed or completed. Instead of polling the API, inSigner sends a POST request to your server.

How it works

Section titled “How it works”
  1. You register a webhook URL and select which events to receive.
  2. When an event occurs, inSigner sends a POST request to your URL with event data.
  3. Your server processes the event and responds with a 2xx status code.
  4. If delivery fails, inSigner retries automatically.

Creating a webhook via API

Section titled “Creating a webhook via API”
POST /api/v1/webhooks

Required scope: webhooks.create

Request body

FieldTypeRequiredDescription
urlstringWebhook endpoint URL (HTTPS required in production)
eventsstring[]Array of event types to subscribe to (1–50)
descriptionstringHuman-readable description (max 500 chars)
Terminal window
curl -X POST https://app.insigner.co/api/v1/webhooks \
  -H "Authorization: Bearer isk_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://api.yourapp.com/webhooks/insigner",
    "events": ["document.completed", "document.declined", "signer.completed"],
    "description": "Production webhook for document events"
  }'

Response 201 Created

{
  "data": {
    "id": "wh_abc123",
    "url": "https://api.yourapp.com/webhooks/insigner",
    "events": "[\"document.completed\",\"document.declined\",\"signer.completed\"]",
    "status": "active",
    "description": "Production webhook for document events",
    "secret": "a1b2c3d4e5f6...64_char_hex_string",
    "createdAt": "2026-05-28T12:00:00.000Z"
  }
}

Limits

Section titled “Limits”
  • Maximum 10 webhooks per organization
  • Maximum 50 events per webhook
  • Only HTTPS URLs in production
  • 10-second timeout per delivery

Managing webhooks

Section titled “Managing webhooks”

List webhooks

Section titled “List webhooks”
GET /api/v1/webhooks

Required scope: webhooks.read

Get webhook details

Section titled “Get webhook details”
GET /api/v1/webhooks/{id}

Returns webhook details (secret is never included after creation).

Update a webhook

Section titled “Update a webhook”
PATCH /api/v1/webhooks/{id}

Required scope: webhooks.update

FieldTypeDescription
urlstringNew endpoint URL
eventsstring[]New event subscriptions
statusstring"active" or "inactive"
descriptionstring | nullUpdated description

Delete a webhook

Section titled “Delete a webhook”
DELETE /api/v1/webhooks/{id}

Required scope: webhooks.delete

Response: 204 No Content

Webhook payload format

Section titled “Webhook payload format”

All webhook deliveries use the same envelope format:

{
  "id": "a1b2c3d4e5f6...",
  "event": "document.completed",
  "api_version": "2026-05-28",
  "created_at": "2026-05-28T14:30:00.000Z",
  "data": {
    // Event-specific data
  }
}
FieldDescription
idUnique delivery ID
eventEvent type
api_versionAPI version for payload compatibility
created_atWhen the event was generated
dataEvent-specific payload

Request headers

Section titled “Request headers”

Every webhook delivery includes these headers:

HeaderDescriptionExample
Content-TypeAlways JSONapplication/json
User-AgentIdentifies inSignerinSigner-Webhooks/1.0
X-InSigner-EventEvent typedocument.completed
X-InSigner-SignatureHMAC signaturesha256=abc123...
X-InSigner-Delivery-IdUnique delivery IDa1b2c3d4...
X-InSigner-TimestampUnix timestamp1716912600