'use client' import { Accordion, AccordionContent, AccordionItem, AccordionTrigger, } from '@/components/ui/accordion' import { Tabs, TabsContent, TabsList, TabsTrigger } from '@/components/ui/tabs' import { Code } from '@/components/ui/code' import { AlertCircle } from 'lucide-react' const SAMPLE_PAYLOAD = { smsId: 'smsId', sender: '+123456789', message: 'message', receivedAt: 'datetime', deviceId: 'deviceId', webhookSubscriptionId: 'webhookSubscriptionId', webhookEvent: 'sms.received', } const VERIFICATION_CODE = ` // Node.js example using crypto const crypto = require('crypto'); function verifyWebhookSignature(payload, signature, secret) { const hmac = crypto.createHmac('sha256', secret); const digest = hmac.update(JSON.stringify(payload)).digest('hex'); const signatureHash = signature.split('=')[1]; return crypto.timingSafeEqual( Buffer.from(signatureHash), Buffer.from(digest) ); } // Express middleware example app.post('/webhook', (req, res) => { const signature = req.headers['x-signature']; const payload = req.body; if (!verifyWebhookSignature(payload, signature, WEBHOOK_SECRET)) { return res.status(401).json({ error: 'Invalid signature' }); } // Process the webhook console.log('Webhook verified:', payload); res.status(200).send('OK'); }); ` const PYTHON_CODE = ` # Python example using hmac import hmac import hashlib import json from flask import Flask, request app = Flask(__name__) def verify_signature(payload, signature, secret): expected = hmac.new( secret.encode('utf-8'), json.dumps(payload).encode('utf-8'), hashlib.sha256 ).hexdigest() return hmac.compare_digest(signature.split('=')[1], expected) @app.route('/webhook', methods=['POST']) def webhook(): signature = request.headers.get('X-Signature') if not verify_signature(request.json, signature, WEBHOOK_SECRET): return 'Invalid signature', 401 # Process the webhook print('Webhook verified:', request.json) return 'OK', 200 ` export function WebhookDocs() { return (
Webhook Delivery Information

When a new SMS is received, we'll send a POST request to your webhook URL with the event data. Your endpoint should:

  • Accept POST requests
  • Return a 2XX status code to acknowledge receipt
  • Process the request within 10 seconds

If we don't receive a successful response, we'll retry the delivery at increasing intervals: 3 minutes, 5 minutes, 30 minutes, 1 hour, 6 hours, 1 day, 3 days, 7 days, 30 days.

Security & Implementation Guide
Overview Payload Verification

Each webhook request includes:

  • Payload in JSON format
  • X-Signature header for verification
  • Signature format: sha256=HMAC_SHA256(payload, secret)

Sample Payload

{JSON.stringify(SAMPLE_PAYLOAD, null, 2)}
Node.js Python {VERIFICATION_CODE} {PYTHON_CODE}
) }