Webhooks
Receive inbound messages and lifecycle events in real time, and verify their signatures.
Webhooks deliver events to your server as they happen. Create a subscription with POST /webhooks, choosing the events you care about (or * for all):
curl -X POST https://api.blooio.com/v4/webhooks \
-H "Authorization: Bearer bl_live_..." \
-H "Content-Type: application/json" \
-d '{ "url": "https://example.com/blooio", "event_types": ["message.received", "message.*"] }'The creation response includes a signing_secret once — store it to verify deliveries.
Event envelope
{
"id": "evt_...",
"type": "message.delivered",
"created_at": 1718000000000,
"organization_id": "org_...",
"data": { }
}Verifying signatures
Each delivery is signed with your signing_secret (HMAC-SHA256). Recompute the signature over the raw request body and compare it to the signature header before trusting the payload.
Event types
Subscribe to exact types, category wildcards (e.g. message.*), or *:
- Messages —
message.received,message.queued,message.sent,message.delivered,message.failed,message.read,message.reaction - Polls —
poll.created,poll.received,poll.voted - Groups —
group.name_changed,group.icon_changed - Contact card —
contact.shared - Typing —
typing.started,typing.stopped
Inspect and replay past deliveries with GET /webhooks/{webhookId}/deliveries.