Implement a public endpoint in your app and receive campaign events. Verify requests using the signing secret as in the given example. This is what protects the endpoint!

You can register your webhooks and view the requests we made to them in Developer -> Webhooks.

Example Webhook

This is an example implementation of a webhook for a NodeJS express server.

// Helper method to verify payload signature
function constructEvent(payload, signature, secret) {
	const hmac = crypto.createHmac('sha256', secret);
    const calculatedSignature = hmac.digest('base64');
	if (signature !== calculatedSignature) throw new Error('Failed signature verification')
    return JSON.parse(payload);

// Sample endpoint controller (Express)
app.post('${path}', (req, res) => {
    let event;

    try {
        // Veries and parses the payload using the WEBHOOK_SIGNING_SECRET which you can get in Developer -> Webhooks
        event = constructEvent(req.body.payload, req.body.signature, WEBHOOK_SIGNING_SECRET);
    } catch (error) {
        return res.status(400).send("Webhook Error: " + err.message);

    switch(event.type) {
        case 'reward_custom.paid': {
            // Handle the event
            // ...
        default : {
            console.log("Unhandled event type " + event.type)


Last updated