Guides
Webhooks
Receive real-time event notifications via webhooks.
Webhooks
Webhooks let you receive real-time HTTP POST notifications when events occur in your Pipelime account.
Setup
- Go to Settings -> Webhooks
- Click Create Webhook
- Enter your endpoint URL and select events
- Save — your webhook secret is shown once
Events
| Event | Description |
|---|---|
email.sent | Email successfully sent |
email.opened | Open tracking pixel triggered |
email.clicked | Tracked link clicked |
email.replied | Reply detected via inbox sync |
email.bounced | Hard bounce detected |
email.unsubscribed | Contact clicked unsubscribe |
contact.created | New contact added |
contact.updated | Contact data changed |
contact.blocklisted | Contact added to blocklist |
campaign.started | Campaign activated |
campaign.paused | Campaign paused |
campaign.completed | All contacts processed |
campaign.contact_completed | All steps done for a contact |
Payload Format
{
"event": "email.sent",
"timestamp": "2026-03-29T14:30:00Z",
"data": {
"executionId": "exec_123",
"campaignId": "camp_456",
"contactId": "cont_789",
"stepId": "step_012",
"emailAccountId": "ea_345"
}
}Verifying Signatures
Every delivery includes an HMAC-SHA256 signature in the
X-Webhook-Signature header:
import crypto from "crypto";
function verifyWebhookSignature(
payload: string,
signature: string,
secret: string,
): boolean {
const expected = crypto
.createHmac("sha256", secret)
.update(payload)
.digest("hex");
return signature === `sha256=${expected}`;
}
// In your webhook handler:
const signature = req.headers["x-webhook-signature"];
const isValid = verifyWebhookSignature(
JSON.stringify(req.body),
signature,
"whsec_your_secret",
);Retry Policy
Failed deliveries are retried with exponential backoff:
| Attempt | Delay |
|---|---|
| 1 | Immediate |
| 2 | 1 minute |
| 3 | 5 minutes |
| 4 | 30 minutes |
| 5 | 2 hours |
After 5 consecutive failures, the endpoint status changes to failing.
After 20, it's automatically disabled.
Secret Rotation
Rotate your webhook secret without downtime:
curl -X POST https://app.Pipelime.io/api/webhooks/{id}/rotate-secret \
-H "Authorization: Bearer ki_your_key"Both old and new secrets are valid during a 7-day grace period.