Outbound delivery

When an event occurs, Upsign sends an HTTPS POST to the URL you registered. The request carries a JSON body with event metadata and data for that lifecycle signal, plus headers for quick filtering and optional signature verification.

HTTP

Method: POST
URL: the HTTPS endpoint you configured for the webhook subscription.
Body: JSON with two top-level keys:

json

{
  "event": {
    "type": "document.updated",
    "id": "evt_…",
    "timestamp": "2025-01-15T10:30:00Z",
    "api_version": "v2"
  },
  "data": {
    …
  }
}

event.type — full event name (for example document.completed).
event.id — stable public id with prefix evt_ for this notification.
event.timestamp — UTC time in ISO 8601 format.
event.api_version — v2 for this API generation.
data — payload for that event type (see Events).

Treat the body as the canonical string used for signature verification—verify the X-UpSign-Signature header against the raw request body you receive.

Headers

Header	Description
`Content-Type`	`application/json`
`X-UpSign-Event`	Same as `event.type`
`X-UpSign-Type`	First segment of the event (`document`, `template`, …)
`X-UpSign-Event-ID`	Same as `event.id` (`evt_*`)
`X-UpSign-Signature`	Present when the webhook has a `secret_key` — hex digest of HMAC-SHA256 over the body

Success criteria

Upsign treats HTTP 200, 201, or 204 as a successful delivery.

Outbound delivery ​

HTTP ​

Headers ​

Success criteria ​

Outbound delivery

HTTP

Headers

Success criteria