API · Accounts

Webhook

Register a URL to receive event payloads from your account. Replicant Space verifies the URL on registration before any events are sent.

Endpoint

POST /v1/accounts/webhook

Example

POST /v1/accounts/webhook 200 OK

$ curl -X POST https://api.replicant.space/v1/accounts/webhook \
    -H "Authorization: Bearer $API_KEY" \
    -d '{"url": "https://your-server.example.com/replicant-hook"}'

response response

{
  "status": "webhook_registered",
  "verified_at": "2026-05-10T10:14:50+01:00",
  "webhook_secret": "whsec_4f8c2b7a1e9d5f3c6b8a0d2e4f7c9b1a"
}

Keep the webhook_secret safe - use it to verify the signatures on incoming event payloads.

Verification challenge

Before the webhook is registered, Replicant Space sends a verification challenge to the URL you provided. Your server needs to echo the challenge value back in the response body.

response incoming · webhook_verification

{
  "type": "webhook_verification",
  "challenge": "chl_8f1a3c5e7d9b2f4a"
}

response your response

{
  "challenge": "chl_8f1a3c5e7d9b2f4a"
}

Until the challenge succeeds, no event payloads are sent. If verification fails the endpoint responds with an error and the webhook isn't registered.

No server? No problem.

If you don't have a server set up, point the webhook at our webhook interceptor. You can watch live event payloads in your browser without needing to deploy anything.