Webhooks

Signed webhook events and delivery history

ProspectB2B can push signed events to your webhook sink for lead changes, imports, exports and campaign lifecycle changes. The authenticated workspace keeps delivery history and supports manual retries.

Browse referenceOpenAPI JSONCreate API key
Signature
HMAC SHA-256
Secret display
Shown once
Retries
Automatic + manual
Events
9 supported

Supported events

Subscribe only to the events your integration actually processes.

  • lead.created
  • lead.updated
  • import.completed
  • import.failed
  • export.completed
  • export.failed
  • campaign.created
  • campaign.updated
  • campaign.published

Delivery headers

Every webhook delivery includes explicit event, delivery and signature headers.

X-ProspectB2B-Event: lead.created
X-ProspectB2B-Delivery: del_123
X-ProspectB2B-Timestamp: 1710000000
X-ProspectB2B-Signature: v1=...

Verify the signature

Compute the digest over `${timestamp}.${rawBody}` and compare the result against the v1 signature header.

const signature = crypto
  .createHmac('sha256', signingSecret)
  .update(`${timestamp}.${rawBody}`)
  .digest('hex');

const expected = `v1=${signature}`;

Retry behavior and troubleshooting

Failed deliveries remain visible in the authenticated API workspace and can be retried after the sink is fixed.

  • Store the signing secret immediately. The authenticated product preserves the prefix for reference, not the full secret.
  • Inspect delivery attempt_count, response_status_code, response_body_snippet and error_message when a sink fails.
  • Use manual retry only after your endpoint has been corrected or replay is explicitly desired.
  • Keep your endpoint idempotent because the delivery system can retry after timeouts or 5xx responses.