Developer platform & API

Signed webhooks

Subscribe to document, tag, and signature events with HMAC-signed delivery.

3 min read · Updated June 28, 2026


Webhooks push events to your endpoint as they happen, so your systems react in real time. Every delivery is HMAC-signed so you can verify it came from Stoatify.

Events

  • Documents: document.created, document.updated, document.deleted, document.restored.
  • Tags: tag.added, tag.removed.
  • E-signatures: submission.sent, submission.completed, submission.declined, submission.expired.

Set one up

  1. 1Open Settings → Notifications → Webhooks and add an endpoint URL.
  2. 2Choose the events, and an optional filter so you only receive documents that match a query.
  3. 3Store the signing secret and verify the X-Stoatify-Signature (sha256=...) on each request.
  • Each webhook keeps a delivery log you can inspect, and failed deliveries are retried (up to five times, a minute further apart each time).
  • Test-fire a webhook to check your endpoint before relying on it.

Good to know

Webhooks are part of the paid plans (Pro on personal, Team on business), and deliveries are guarded against internal-network targets. See Securing programmatic access.

Was this article helpful?

Ready to try it?

Open your vault and put this into practice.

Open app