POST to your registered URL with a signed JSON payload.
Today, webhooks are an operational signal layer, not a complete replay feed. In particular, transactions.sync_available tells you to call GET /v1/transactions/sync; it is not itself a transaction reconciliation stream.
Registering an endpoint
Create a webhook registration withPOST /v1/webhooks, specifying the delivery URL and the event types you want to receive. The response includes a signing secret — store it securely, as it is only shown in full once.
Alternatively, you can register a webhook manually using the Waycore Console.
Verifying deliveries
Every delivery includes aWaycore-Signature header in the format:
v1 is the HMAC-SHA256 of:
Event types
| Event | Status today | Notes |
|---|---|---|
connection.status_changed | Emitted | Fired when a connection changes status. |
transactions.sync_available | Emitted | Indicates fresh transaction data is ready. Call GET /v1/transactions/sync. Deliveries are currently connection-scoped, so accountId is currently null. |
test | Explicitly triggerable | Can be queued through the API when the webhook is active and subscribed to test. |
Event envelope
Every delivery shares the same outer structure:id as an idempotency key. Your endpoint may receive the same event more than once.
Retry behavior
Waycore retries unacknowledged deliveries with exponential backoff when the endpoint returns a non-2xx response or times out. Return a2xx response as quickly as possible and process the event asynchronously.
Testing a webhook
UsePOST /v1/webhooks/{webhookId}/test to queue a synthetic test event for a single registration. The webhook must be active and already subscribed to the test event type.
Managing registrations
Create webhook
List webhooks
Get webhook
Update webhook
Delete webhook
Trigger test webhook
Required scopes
| Scope | Used by |
|---|---|
webhooks:write | Create, update, delete, trigger test |
webhooks:read | List, get |