Skip to main content
WEBHOOK
signature.event
{
  "event": "signature.completed",
  "signatureRequestId": "0193c2c3-2222-7aaa-8bbb-000000000002",
  "renderId": "0193c2c3-1111-7aaa-8bbb-000000000001",
  "status": "completed"
}

Authorizations

Authorization
string
header
required

Project API key (ck_live_… or ck_test_…) presented as a bearer token. For embed partner endpoints this is the partner secret key, which is the same credential type.

Headers

x-craftkit-event
string
required

The event name (mirrors the body's event field).

Example:

"render.succeeded"

x-craftkit-signature
string
required

HMAC-SHA256 of the raw request body, keyed with the subscription secret, hex-encoded (no prefix). Verify before trusting the payload.

x-craftkit-timestamp
string
required

Unix epoch seconds when the delivery was signed. Use with the signature to reject stale replays.

x-craftkit-delivery-id
string<uuid>
required

Stable delivery id, reused across retries. Key your idempotency on it.

Body

application/json

Body of a signature.* webhook. Provider-neutral: no third-party event type or identifier appears. Only event, signatureRequestId, and renderId are guaranteed on every event; the rest depend on the event.

event
enum<string>
required
Available options:
signature.sent,
signature.viewed,
signature.signed,
signature.completed,
signature.declined,
signature.expired,
signature.cancelled
signatureRequestId
string<uuid>
required
renderId
string<uuid>
required
status
string

Provider-neutral request status. Present on lifecycle events.

Example:

"completed"

name
string

Request name. Present on signature.sent.

recipients
object[]

Recipient snapshot. Present on signature.sent.

reason
string | null

Decline/cancel reason, when provided.

Response

2XX

Return any 2xx to acknowledge. Non-2xx / timeout triggers retry.