Webhooks
Subscribe to scan, case, and verdict events. Plurall AI signs every delivery.
Webhooks are the recommended pattern for high-volume integrations. Plurall AI delivers each event at-least-once and signs every payload with HMAC-SHA256 over the body using the secret you set when the endpoint was created.
curl -X POST https://api.plurall.tech/api/v1/webhooks \
-H "Authorization: Bearer pl_sbx_key_..." \
-H "Content-Type: application/json" \
-d '{"url":"https://example.com/plurall/webhooks","description":"Production intake","events":["scan.completed","verdict.synthetic"]}'Create a webhook endpoint
This method/path/schema block is rendered from the shared OpenAPI registry, not hand-authored page copy.
Creating an endpoint
In Integrations → Webhooks, choose an endpoint URL and a list of events. Plurall AI returns the signing secret once. Store it in your secret manager and never echo it back to the dashboard.
Verifying the signature
Each request carries `Plurall-Signature: t=<unix>, v1=<hex>`. Compute HMAC-SHA256 over `${t}.${body}` using the signing secret and compare it to v1 in constant time. Reject the request if t is more than five minutes old.
Retries
We retry failed deliveries with exponential backoff up to 6 attempts over 24 hours. Use the deliveries view in Integrations → Webhooks to inspect the full attempt history per delivery id.