Webhooks Overview
Webhooks allow your application to receive real-time HTTP callbacks when events occur in your xQR workspace — like a link being scanned, a bio page published, or an asset uploaded.
How It Works
- You register a webhook endpoint URL and the events you want to receive
- When a matching event occurs, xQR sends a
POSTrequest to your URL - The payload is signed with HMAC-SHA256 so you can verify authenticity
- If delivery fails, xQR retries with exponential backoff
Payload Format
Every webhook delivery sends a JSON payload:
{ "event": "link.created", "timestamp": "2026-03-21T10:30:00Z", "data": { "link_id": "550e8400-e29b-41d4-a716-446655440000", "short_code": "my-link", "destination": "https://example.com" }}Headers
Each delivery includes these headers:
| Header | Description |
|---|---|
Content-Type | application/json |
X-XQR-Event | Event type (e.g. link.created) |
X-XQR-Delivery | Unique delivery ID (UUID) |
X-XQR-Signature | HMAC-SHA256 signature: sha256={hex_digest} |
User-Agent | xQR-Webhooks/1.0 |
Managing Webhooks
Create and manage webhooks via:
- Dashboard: Settings → Developers → Webhooks
- API:
POST /v1/webhooks - MCP:
create_webhooktool (coming in Phase 2)
Plan Limits
| Plan | Webhook Endpoints |
|---|---|
| Free | 0 |
| Pro | 3 |
| Business | 20 |
| Enterprise | Unlimited |
Was this page helpful?
Thanks for your feedback!