Webhooks

Get notified at your own endpoint when link events happen. Pro+.

Manage

POST   /api/webhooks            # { url, events: ["link.clicked", ...] }
GET    /api/webhooks
PATCH  /api/webhooks/{id}        # { url?, events?, active? }
DELETE /api/webhooks/{id}
POST   /api/webhooks/{id}/test   # send a sample payload

Webhook URLs must be HTTPS and pass an SSRF check (no private/loopback hosts).

Events

link.created · link.updated · link.deleted · link.clicked

Payload

{ "event": "link.clicked", "timestamp": "2026-06-01T12:00:00Z", "data": { "code": "launch", "country": "US", "device": "Mobile", "referrer": "Direct" } }

Verify the signature

Each request includes X-LinkLane-Signature: <hex> — an HMAC-SHA256 of the raw body using your webhook's secret. Recompute and compare (constant-time) before trusting it.

import hmac, hashlib
expected = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
assert hmac.compare_digest(expected, request.headers["X-LinkLane-Signature"])

Delivery & reliability

Deliveries retry once on failure. After repeated failures a webhook is auto-disabled and you get an in-app notification + a "failing" badge in the dashboard.

Manage​

Events​

Payload​

Verify the signature​

Delivery & reliability​

Manage

Events

Payload

Verify the signature

Delivery & reliability