Outbound webhooks are part of Agencies, an Enterprise capability. The controls are OWNER-only.
Events
report.weekly
A workspace’s weekly report.
export.ready
A data export has finished and is ready to download.
credits.low
The team is projected to run out of credits before renewal.
webhook.test event is also sent by the Send test event button so you can validate your endpoint before turning delivery on.
Set It Up
Add your endpoint URL
Enter a public
https URL (private addresses and http are rejected) and save. A signing secret is generated and shown once — copy and store it now.Send a test event
Click Send test event to confirm Qwairy can reach your endpoint and your signature check passes.
Payload
Every request is aPOST with a JSON envelope:
data object is event-specific. Treat it as forward-compatible: new fields may be added, so ignore the ones you don’t use rather than rejecting the payload.
Headers
| Header | Value |
|---|---|
X-Qwairy-Event | the event name, e.g. credits.low |
X-Qwairy-Timestamp | Unix time (seconds) when the request was signed |
X-Qwairy-Signature | sha256=<hex> HMAC of the request |
Verifying the Signature
The signature is an HMAC-SHA256, keyed with your signing secret, over the timestamp and the raw request body joined with a dot —<timestamp>.<body> — using the raw bytes, before any JSON parsing.
Delivery Behavior
- Qwairy expects a
2xxresponse. Non-2xx, timeouts, and redirects count as failures. - For the weekly report and low-credit events, a failed delivery is retried on the next scheduled run; the matching email is not sent in its place.
- The export-ready event is one-shot: if delivery fails, the export still appears in your workspace’s Exports hub.

