Skip to content

Webhooks API

Base URL: https://qck.sh/public-api/v1


GET /webhooks

Permission: webhooks:read

Response 200

{
"success": true,
"data": [
{
"id": "0190a8b2-7c3e-7d44-9f1a-2b3c4d5e6f70",
"url": "https://your-server.com/webhook",
"events": ["link.created", "link.updated"],
"is_active": true,
"consecutive_failures": 0,
"created_at": "2026-04-01T10:00:00Z"
}
]
}

POST /webhooks
FieldTypeRequiredDescription
urlstringYesEndpoint URL (HTTPS)
eventsstring[]YesEvent types to subscribe to
descriptionstringNoDescription

Permission: webhooks:write

Response 201: includes a secret field for signature verification (shown only once).

EventTrigger
link.createdLink created
link.updatedLink updated
link.deletedLink deleted
link.expiredLink expired (defined but not currently emitted)
domain.verifiedDomain DNS verified
domain.expiredDomain verification expired (defined but not currently emitted)
domain.suspendedDomain suspended
api_key.createdAPI key created
api_key.revokedAPI key revoked
team.member_addedTeam member added
team.member_removedTeam member removed
subscription.upgradedTier upgraded
subscription.downgradedTier downgraded
bulk_import.completedBulk import finished
conversionConversion tracked

GET /webhooks/{id}

Permission: webhooks:read


PATCH /webhooks/{id}
FieldTypeDescription
urlstringNew endpoint URL
eventsstring[]Replace subscribed events
descriptionstringNew description
is_activebooleanEnable/disable

Permission: webhooks:write


DELETE /webhooks/{id}

Permission: webhooks:write


POST /webhooks/{id}/test

Sends a test payload to your endpoint.

Permission: webhooks:write


GET /webhooks/{id}/deliveries

Returns the 50 most recent deliveries for the endpoint, newest first. There is no pagination.

Response 200

{
"success": true,
"data": [
{
"id": "0190a8b2-9d1f-7e55-8a2b-3c4d5e6f7a81",
"endpoint_id": "0190a8b2-7c3e-7d44-9f1a-2b3c4d5e6f70",
"event_type": "link.created",
"payload": { "event": "link.created", "timestamp": "2026-04-08T10:00:00Z", "data": { } },
"status": "delivered",
"attempt_number": 1,
"max_attempts": 3,
"http_status": 200,
"response_body": "ok",
"error_message": null,
"next_retry_at": null,
"created_at": "2026-04-08T10:00:00Z",
"delivered_at": "2026-04-08T10:00:01Z"
}
]
}

status is one of pending, delivered, failed, or retrying.

Permission: webhooks:read

Your endpoint receives:

{
"event": "link.created",
"timestamp": "2026-04-08T12:00:00Z",
"data": { ... }
}

Every delivery includes:

HeaderDescription
X-QCK-Signaturesha256=<hex>: HMAC-SHA256 of the raw request body, keyed with the endpoint secret
X-QCK-EventEvent type
X-QCK-DeliveryDelivery ID

Compute HMAC-SHA256 over the raw body with your endpoint secret (returned once at creation) and compare it to the hex digest in X-QCK-Signature.

Failed deliveries are retried up to 3 attempts with exponential backoff (30s, 120s, 480s). Endpoints are auto-disabled after 10 consecutive failures.

TierEndpoints
Free1
Basic ($19/mo)2
Growth ($49/mo)5
Pro ($99/mo)10
Business ($249/mo)25