After you create a webhook, the next step is operational: verify signatures, send test payloads, inspect delivery history, and retry failed deliveries. The webhook API exposes dedicated endpoints for each part of that loop.
The signature verification endpoint accepts an algorithm, a signature string, and the raw body string. This is useful for testing your own verification flow or for checking an HMAC configuration during setup.
curl -X POST "https://algapsa.com/api/v1/webhooks/verify" \
-H "Content-Type: application/json" \
-H "X-API-Key: $ALGA_API_KEY" \
-d '{
"algorithm": "sha256",
"signature": "sha256=abc123",
"body": "{\"event_type\":\"ticket.created\"}"
}'curl -X POST "https://algapsa.com/api/v1/webhooks/test" \
-H "Content-Type: application/json" \
-H "X-API-Key: $ALGA_API_KEY" \
-d '{
"test_event_type": "ticket.created",
"override_url": "https://httpbin.org/post"
}'
curl -X POST "https://algapsa.com/api/v1/webhooks/$WEBHOOK_ID/test" \
-H "Content-Type: application/json" \
-H "X-API-Key: $ALGA_API_KEY" \
-d '{
"test_event_type": "invoice.finalized"
}'curl -X GET "https://algapsa.com/api/v1/webhooks/$WEBHOOK_ID/deliveries?page=1&limit=25" \
-H "X-API-Key: $ALGA_API_KEY"
curl -X POST "https://algapsa.com/api/v1/webhooks/$WEBHOOK_ID/deliveries/$DELIVERY_ID/retry" \
-H "X-API-Key: $ALGA_API_KEY"pending, delivered, or failed.