Subscribe to file.submitted, file.rejected, file.approved. The platform pushes every status change in under 2 seconds with HMAC-SHA256 signature and automatic retries.
Configure a destination URL, sign with HMAC and receive every event with a typed JSON payload. Automatic retries with exponential backoff.
POST /hooks
X-Booka-Signature: t=1713694331,v1=5257a869...
Content-Type: application/json
{
"id": "evt_9f8e...",
"type": "file.approved",
"data": {
"file_id": "file_abc123",
"regulator": "SCFHS",
"approved_at": "2026-04-21T10:32:11Z"
}
}import { verifyWebhook } from "@booka/sdk";
app.post("/hooks", (req, res) => {
const event = verifyWebhook(
req,
process.env.BOOKA_HOOK_SECRET
);
if (event.type === "file.approved") {
// sync to ATS / CRM
}
res.sendStatus(200);
});file.submitted, file.approved, file.rejected, verification.completed. Each event with strict JSON payload and version.
Each request signed with your BOOKA_HOOK_SECRET. Verify the signature before processing — the SDK does it for you in 1 line.
Automatic retries up to 5 times with exponential backoff. Timeout per attempt: 30 seconds.
The platform pushes the event in under 2 seconds from the status change at the regulator.
Only HTTPS endpoints with TLS 1.3 are accepted. No exceptions. Prevents exposure of candidate data in transit.
30-day history, filter by type, manual resend and error logs with raw payload for debugging.
TypeScript SDK with built-in verifyWebhook, OpenAPI contracts and sandbox with simulated events. Real status from the first file.
Free sandbox · TypeScript SDK · HMAC-SHA256 · TLS 1.3 required