Skip to main content
This guide creates an endpoint, verifies deliveries in your receiver, and sends a test event.

Create an endpoint

curl -X POST https://api.case.dev/webhooks/v1/endpoints \
  -H "Authorization: Bearer $CASEDEV_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-app.example.com/webhooks/casedev",
    "description": "Production event receiver",
    "eventTypeFilters": ["vault.ingest.completed"]
  }'
The response includes endpoint.id and signingSecret. Store the signing secret in your secrets manager before closing the response.
Response
{
  "endpoint": {
    "id": "evsub_123",
    "url": "https://your-app.example.com/webhooks/casedev",
    "eventTypeFilters": ["vault.ingest.completed"],
    "status": "active"
  },
  "signingSecret": "whsec_..."
}

Add a receiver

The TypeScript, Python, and Go SDKs ship a Webhook helper that verifies the signature, enforces a 5-minute timestamp tolerance, and returns the parsed event. Hand it the raw request body — re-stringified JSON breaks the signature. Keep receiver logs bounded to delivery status and event type; avoid logging event IDs or payload data unless you redact them first. 
import express from 'express'
import { Webhook, WebhookVerificationError } from 'casedev/webhooks'

const app = express()
const wh = new Webhook(process.env.CASEDEV_WEBHOOK_SECRET!)

app.post('/webhooks/casedev', express.raw({ type: 'application/json' }), (req, res) => {
  try {
    const event = wh.verify(req.body, req.headers)
    console.info('case.dev webhook received', { type: event.type })
    if (event.type === 'vault.ingest.completed') {
      // Trigger internal work from event.data here; do not log the payload directly.
    }
    return res.sendStatus(204)
  } catch (err) {
    if (err instanceof WebhookVerificationError) return res.status(400).send(err.code)
    throw err
  }
})

Send a test event

curl -X POST "https://api.case.dev/webhooks/v1/endpoints/$ENDPOINT_ID/test" \
  -H "Authorization: Bearer $CASEDEV_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "eventType": "vault.ingest.completed",
    "payload": {
      "vaultId": "vault_123",
      "objectId": "obj_123",
      "durationMs": 1284,
      "chunkCount": 42
    }
  }'
The test endpoint performs one synchronous delivery. Use it to confirm reachability and signature verification before broadening your filters.

Go live

Start with exact event names, then widen to patterns like vault.* after your receiver is stable. Use Event types for the generated event list and API reference for endpoint update, replay, and rotation APIs.