When registering/enabling a webhook subscription, a validation event is dispatched to the specified delivery URL.
The delivery URL will be validated upon creation, and it is expected to respond with an HTTP 200 status code to the POST request initiated by Unify.
The validation request or event will contain a header x-apideck-event-type:
apideck.subscription.created and request body structured as follows:
{"message":"Validating delivery URL"}
Webhook Validation event sample:
Webhook Unify event sample:
Apideck intentionally doesn't send a payload resembling the actual event payload during validation. This approach prevents the processing system linked to the delivery URL from triggering unintended business logic and potentially inserting unwanted data.
Many organizations implement two processing flows for webhook events. You can differentiate between the validation event and actual webhook events using:
The HTTP headers
x-apideck-event-typeandx-apideck-idempotency-key, which is not included or different in the validation request.The request body payload, which can be either
{"message"}for validation or{"payload": {}}for actual webhook events.
By using these mechanisms, you can accurately distinguish between validation events and Unify webhook events.