Webhooks send real-time notifications to your systems when events occur in your Wallet-as-a-Service (Palisade) organization. As an owner or administrator, you create webhook endpoints, choose which events to subscribe to, and verify delivery signatures.
When a subscribed event occurs (for example, a transaction status changes), Palisade sends an HTTPS POST request to your configured endpoint. The request body contains a JSON payload with the event details. Palisade signs each delivery so you can verify it came from the platform.
- Go to Settings > Webhooks.
- Select Create webhook.
- Enter a name (5–100 characters) that describes the webhook's purpose.
- Enter an optional description (5–100 characters).
- Enter the URL — the HTTPS endpoint that receives webhook deliveries. The URL must use HTTPS.
- Select one or more subscriptions — the event categories that trigger deliveries:
- Transaction — "All transaction events for this organization"
- Wallet — "All wallet events for this organization"
- Approval — "All approval events for this organization"
- Select Save.
You must select at least one event subscription. You can update the subscriptions at any time after creation.
Palisade signs each webhook delivery with an ECDSA private key. Verify the signature on every delivery to confirm it came from Palisade and wasn't tampered with. Palisade retries failed deliveries automatically.
- Go to Settings > Webhooks.
- Select the webhook to view its details.
- Copy the public key displayed on the webhook detail page.
- In your application, use the public key to verify the signature included in each delivery's headers.
See Manage webhooks for code examples in Python, JavaScript, and Go.
- Go to Settings > Webhooks.
- Select the webhook you want to modify.
- Select Edit.
- Update the name, description, URL, or event subscriptions.
- Select Save.
- Go to Settings > Webhooks.
- Select the webhook.
- Select Delete.
- Confirm the deletion.
Palisade stops sending deliveries to the endpoint immediately after deletion.
Palisade offers two notification mechanisms. Use both together for complete visibility.
| Feature | Webhooks | Audit logging |
|---|---|---|
| Delivery | Real-time HTTPS push to your endpoint | Palisade batches deliveries to AWS Firehose (~15 second buffer) |
| Scope | Subscribed event types only (transactions, wallets, approvals) | All API calls and console actions |
| Use case | Trigger downstream workflows, such as updating your database when a transaction confirms | Compliance reporting, incident investigation, access review |
| Retention | Your endpoint processes and stores | Your Firehose destination (S3, Splunk, etc.) |
See Configure audit logging for Firehose setup.
- Use HTTPS only — webhook URLs must use HTTPS. This protects event payloads in transit.
- Verify signatures on every delivery — never process a webhook payload without verifying the signature first.
- Implement idempotent processing — your endpoint may receive the same event more than once. Use the event ID to deduplicate.
- Respond with 2xx quickly — return a 2xx status code as soon as you receive the webhook. Process the payload asynchronously to avoid timeouts.
- Monitor for failures — set up alerting on your endpoint to detect delivery failures or downtime.
- Use webhooks instead of polling — for production integrations, webhooks are more efficient and timely than polling the API for status changes.
- Manage webhooks — Reference documentation with signature verification code examples
- Integrations overview — Overview of integrations