Webhooks are HTTPS POSTs to your URL with an HMAC signature header. Reply 2xx within 5 seconds or we retry with backoff.
Signing
ts
import { createHmac } from 'node:crypto';
const sig = req.headers['x-aeonzap-signature'];
const expected = createHmac('sha256', SECRET).update(req.rawBody).digest('hex');
// constant-time compareRetries
- Up to 8 retries over 24 hours
- Exponential backoff: 30s, 2m, 10m, 1h, 4h, ...
- Dead-letter queue visible in the dashboard