Webhook Authentication and Delivery Setup

After defining the topics they wish to subscribe to, clients will receive a secure HMAC key from Newline. This key is used to verify the authenticity of webhook events via signature validation.

All webhook event deliveries are made over HTTPS using TLS encryption. Clients must expose a secure API endpoint capable of receiving and validating these events.

Webhook Delivery Endpoints

Webhook events are delivered to the client-provided base URL. This URL must be:

• Secure (HTTPS)
• Publicly accessible
• Capable of responding within 5 seconds

Clients should follow a consistent naming convention for their endpoints, such as: