Webhooks overview
Webhooks let LetsPost push real-time event notifications to your server the moment something happens — a post goes live, an account disconnects, a payment clears. No polling required.
How delivery works
When an event fires, LetsPost sends an HTTP POST request to your registered endpoint with a JSON body and two important headers:
X-LetsPost-Event— the event type, e.g.post.published.X-LetsPost-Signature— an HMAC-SHA256 signature of the raw body, prefixed withsha256=. Always verify this before trusting the payload.
Your endpoint must respond with a 2xx status within 10 seconds. Anything else (timeout, 4xx, 5xx) is treated as a delivery failure and triggers the retry schedule below.
Retry schedule
LetsPost retries failed deliveries up to 5 attempts with exponential backoff:
| Attempt | Delay after previous failure |
|---|---|
| 1st retry | 1 minute |
| 2nd retry | 5 minutes |
| 3rd retry | 30 minutes |
| 4th retry | 2 hours |
| 5th retry | 12 hours |
After 5 failed attempts the event is marked permanently failed and no further retries are made. Each delivery attempt includes the same id field in the payload — use it to deduplicate events on your end.
Plan limits
| Plan | Webhook endpoints |
|---|---|
| Free | Not available |
| Starter | Not available |
| Pro | 3 endpoints |
| Max | Unlimited |
Quick start
- Register an endpoint via
POST /v1/webhooksand save thesecretreturned — it's shown only once. - In your handler, verify the
X-LetsPost-Signatureheader using the secret before processing the payload. - Respond with
200 OKas quickly as possible — offload slow work to a queue.
See the Events page for full payload shapes, and Verifying signatures for copy-paste code in Node.js, Python, PHP, and Ruby.
Something unclear? Email us — we read every message.