Register a webhook endpoint
Webhook Endpoints
Register a webhook endpoint
The response includes the signing secret once. Verify each
delivery by computing HMAC-SHA256 over the raw request body with this
secret and comparing to the Cactus-Signature header
(format: t=<unix_ts>,v1=<hex digest>; digest is over
"{t}.{body}"). Reject deliveries older than 5 minutes.
POST
Register a webhook endpoint
Authorizations
Partner API key issued by Cactus.
Headers
Unique key making the request safely retryable.
Maximum string length:
255Body
application/json
Response
201 - application/json
Endpoint registered; secret returned once.
Example:
"we_01J9ZKQ2"
Available options:
extraction.completed, extraction.failed, underwriting.completed, underwriting.failed Available options:
enabled, disabled HMAC signing secret — shown only in this response.
Example:
"whsec_9f2c..."