Webhooks
Register a webhook endpoint to receive real-time HMAC-signed POST requests for AGON events.
Register a webhook to receive real-time POST requests when AGON events occur. All payloads are HMAC-SHA256 signed.
Registration
POST /api/v1/webhooks/register
Content-Type: application/json
Authorization: Bearer <jwt>
{
"url": "https://your-app.com/webhook",
"events": ["market_created", "market_resolved", "edge_detected", "cote_updated"]
}Signature Verification
import crypto from 'crypto';
function verifyWebhook(payload: string, signature: string, secret: string) {
const computed = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(computed),
Buffer.from(signature)
);
}
// In your webhook handler:
app.post('/webhook', (req, res) => {
const sig = req.headers['x-agon-signature'];
if (!verifyWebhook(req.rawBody, sig, process.env.WEBHOOK_SECRET)) {
return res.status(401).send('Invalid signature');
}
const event = req.body;
console.log(event.event, event.data);
res.json({ ok: true });
});Register webhooks visually in the Developer Portal →