Webhook API traffic. Add monitoring to every API call with the Proxy API.

Webhook API

x-apideck-app-id

ID of the consumer which you want to get or push data from

x-apideck-consumer-id

Cursor to start from. You can find cursors for next/previous pages in the meta.cursors property of the response.

cursor

The name of downstream event when connector does not supply in body or header

filter

Number of results to return. Minimum 1, Maximum 200, Default 20

limit

Unique identifier to used to look up consumer/connection when receiving connector events from downstream.

l_id

JWT Webhook token that represents the connection lookupId. Signed so we know source came from us

serviceId

Validation token for webhook verification

validationToken

JWT Webhook token that represents the unifiedApi and applicationId associated to the event source.

Plain text response for webhook validation (e.g., validation token)

Contains parameter or domain specific information related to the error and why it occurred.

Contains an explanation of the status_code as defined in HTTP/1.1 standard (RFC 7231)

A human-readable message providing more details about the error.

Unique consumer identifier. You can freely choose a consumer ID yourself. Most of the time, this is an ID of your internal data model that represents a user or account in your system (for example account:12345). If the consumer doesn't exist yet, Vault will upsert a consumer based on your ID.

The list of subscribed events for this webhook. [`*`] indicates that all events are enabled.

Subscribed events

The date and time when the object was created.

Created at (timestamp)

The delivery url of the webhook endpoint.

Description

The Unify Base URL events from connectors will be sent to after service id is appended.

Links to navigate to previous or next pages through the API

Link to navigate to the current page through the API

Link to navigate to the previous page through the API

Raw response from the integration when raw=true query param is provided

The date and time when the object was last updated.

Updated at (timestamp)

Indicates if the webhook has has been disabled as it reached its retry limit or if account is over the usage allocated by it's plan.

The service provider's ID of the entity that triggered this event

The type entity that triggered this event

The current count this request event has been attempted

ISO Datetime for when the original event occurred

record of each attempt to call webhook endpoint

Name of the Entity described by the attributes delivered within payload

Name of source event that webhook is subscribed to.

Number of attempts webhook endpoint was called before a success was returned or eventually failed

The JSON stringified payload that was delivered to the webhook endpoint.

ActiveCampaign

The JSON stringified response that was returned from the webhook endpoint.

If the request has not hit the max retry limit and will be retried.

Apideck service provider associated with event.

Whether or not the request was successful.

ISO Date and time when the request was made.

To access our API, you need to sign up and obtain your unique API key. Each Unify application is assigned a single API key. You can locate your API key in the Configuration Settings section of your Apideck application. Additionally, your application’s application_id is available on the same page.

Authenticate your API requests by including your test or live secret API key in the request header.

- Bearer authorization header: `Authorization: Bearer "YOUR_API_KEY_HERE"`
- Application id header: `x-apideck-app-id: "YOUR_APP_ID_HERE"`

You should use the public keys on the SDKs and the secret keys to authenticate API requests.

**Do not share or include your secret API keys on client side code.** Your API keys carry significant privileges. Please ensure to keep them 100% secure and be sure to not share your secret API keys in areas that are publicly accessible like GitHub.

Learn how to set the Authorization header inside Postman https://learning.postman.com/docs/postman/sending-api-requests/authorization/#api-key

Go to Unify to grab your API KEY https://app.apideck.com/unify/api-keys


Authorization

# Webhook API

The Webhook API allows you to create, manage, and receive webhooks from Apideck's Unified APIs. Webhooks provide real-time notifications when events occur in connected services.

## Webhook Security

Apideck signs all webhook events sent to your endpoints, allowing you to verify the authenticity of each request.

### Signature Verification

Each webhook request includes an `x-apideck-signature` header that you can use to verify the request:

1. Extract the `x-apideck-signature` header from the request
2. Get the raw request body (as a string)
3. Sort all object keys in the request body recursively (maintaining array order)
4. Create a signature using HMAC SHA-256 with your API key as the secret
5. Compare signatures using a constant-time comparison function

For detailed implementation examples in multiple languages, see our [Webhook Signature Verification documentation](https://developers.apideck.com/guides/webhook-signature-verification).

## Base URL

The base URL for all API requests is `https://unify.apideck.com`

## API Headers

When making requests to manage webhooks (creating, updating, listing, or deleting webhook configurations), the following headers are required:

| Name                  | Type    | Required | Description                                                                                                                   |
| --------------------- | ------- | -------- | ----------------------------------------------------------------------------------------------------------------------------- |
| x-apideck-app-id      | String  | Yes      | The application ID from your Unify application. Available at https://app.apideck.com/unify/api-keys.                          |
| Authorization         | String  | Yes      | Bearer API KEY                                                                                                                |

## Webhook Event Headers

When Apideck sends webhook events to your server, the following headers are included:

| Name                    | Type    | Description                                                                                            |
| ----------------------- | ------- | ------------------------------------------------------------------------------------------------------ |
| x-apideck-signature     | String  | HMAC SHA-256 signature of the request body, used to verify the webhook came from Apideck               |
| x-apideck-event-type    | String  | The type of event that triggered the webhook (e.g., "vault.connection.updated")                        |
| x-apideck-idempotency-key | String  | A unique identifier for the webhook event, can be used to prevent duplicate processing                 |
| User-Agent              | String  | "Apideck/WebhookClient"                                                                                |

## Authorization

You can interact with the API through the authorization methods below.

Apache 2.0

Resolve a webhook based on lookup_id and then execute it

Plain text body for webhook validation requests

Create a webhook subscription to receive events

Webhook API Reference