Arowana sends webhook events to your server whenever something notable happens — a message delivers, a user replies, an email bounces, or your balance runs low. You register one or more HTTPS endpoints and subscribe each to the events you care about.

Manage endpoints

MethodPathDescription
POST/v1/webhooksRegister a new endpoint
GET/v1/webhooksList registered endpoints
PATCH/v1/webhooks/{id}Update URL, events, or rotate secret
DELETE/v1/webhooks/{id}Remove an endpoint
POST/v1/webhooks/{id}/testSend a synthetic test payload

Register an endpoint

curl -sS -X POST "https://api.arowana.app/v1/webhooks" \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-server.example.com/webhooks/arowana",
    "events": ["message.delivered", "message.failed", "email.bounced"],
    "secret": "whsec_your_shared_secret"
  }'
Only HTTPS endpoints are accepted. The platform validates the TLS certificate on every delivery attempt.

Payload envelope

Every event shares the same outer envelope: 
{
  "id": "evt_a1b2c3d4",
  "event": "message.delivered",
  "timestamp": "2026-03-28T09:01:00Z",
  "data": { }
}
id
string
Unique event identifier. Use for idempotency and deduplication.
event
string
Event name matching your subscription (e.g. message.delivered, email.bounced).
timestamp
string
ISO 8601 time when the event was emitted.
data
object
Event-specific payload. Shape varies by event type — see the individual event pages in the sidebar for full schemas.

Webhooks quickstart

Register an endpoint and verify your first event end-to-end.

Verify requests

HMAC-SHA256 signature verification.