Event model
Webhook payloads should be treated as immutable event facts with stable identifiers.
Baseline payload shape
{
"id": "evt_01J...",
"type": "session.created",
"occurredAt": "2026-03-05T10:15:30Z",
"tenantId": "ten_...",
"projectId": "prj_...",
"data": {}
}
Suggested event groups
session.*membership.*tenant.*project.*plan.*webhook.delivery.*
Delivery guarantees
- At-least-once delivery
- Retries on non-
2xxresponses - Signed payloads with replay defense
Consumer requirements
- Verify signature before parsing.
- Deduplicate by event ID and delivery ID.
- Process idempotently.
- Return
2xxonly after durable acceptance.
Operational fields to log
- event ID
- delivery ID
- tenant/project scope
- processing outcome
- retry count
Related docs
- Webhook signature verification:
/docs/reference/webhook-signatures - Webhooks quickstart:
/docs/quickstart/webhooks