Registering an endpoint
Request body
Your endpoint. Must be
https://.One or more of
message.received, message.status, otp.verified, template.status.Response
Listing and removing webhooks
id, url, events, status, and timestamps.
Verifying signatures
Every webhook request includes anX-Tanvik-Signature header — an HMAC-SHA256 signature of the raw request body, signed with the secret you got at registration.
Delivery and retries
- Your endpoint must respond with a
2xxstatus within 10 seconds. - Failed deliveries are retried: 1 minute, 5 minutes, 30 minutes, then hourly.
- After 24 hours of a delivery still failing, that endpoint is automatically set to
paused— checkGET /v1/webhooksto seestatusandpause_reason. Re-registering (or a future re-activate endpoint) is needed to resume it.
Event types
| Event | Fired when |
|---|---|
message.received | A customer sends you a WhatsApp message |
message.status | A sent message changes status (sent, delivered, read, failed) |
otp.verified | A customer successfully verifies an OTP |
template.status | A submitted template is approved or rejected by Meta |
Webhooks are polled into your account continuously for messages and OTPs.
template.status specifically depends on Tanvik’s template sync running for your account — if you need it to fire faster after a Meta review, ask your account team.