Webhooks

Real-time platform events for your system

Subscribe to what happens inside AthenaText: new messages, qualified leads, and completed conversations. We POST a signed JSON payload to any HTTPS endpoint, retry automatically, and keep 7 days of replayable delivery history.

How it works
01

Register an endpoint

Create a webhook in your dashboard or via POST /v1/webhooks. Subscribe to one or more event types per endpoint.

02

We POST events

When something happens, we send a JSON payload to your URL. Every request is HMAC-SHA256 signed with your endpoint's secret.

03

Verify & respond

Verify the signature, process the event, return a 2xx within 10 seconds. Non-2xx responses are retried with exponential backoff for up to 24 hours.

Event catalog
message.received
An inbound SMS message from a lead has been received and parsed.
Fires on: every inbound message · Delivered within 1s of carrier receipt
message.delivered
An outbound message reached the destination handset (carrier-confirmed).
Fires on: delivery receipt from carrier · Typically within 2–10s of send
lead.qualified
A lead crossed your qualification threshold. Includes final score and matched signals.
Fires on: qualification state transition to qualified
lead.opted_out
A lead has sent STOP or an equivalent opt-out keyword. They are automatically suppressed.
Fires on: any recognized opt-out · Suppression is immediate
conversation.completed
A conversation has reached its configured terminal state: booked, disqualified, or opted-out.
Fires on: conversation lifecycle end · Includes full transcript reference
agent.requested
A lead has requested a human agent, or the AI has triggered handoff based on your rules.
Fires on: handoff trigger · Routed to the configured notification channel
Example payload

Every event shares an envelope with id, type, created, and a typed data object. Below is a real lead.qualified payload.

{
  "id": "evt_8b1a2c3d4e",
  "type": "lead.qualified",
  "created": "2026-04-14T16:29:48Z",
  "workspace_id": "ws_prod_42ae",
  "data": {
    "lead_id": "lead_4c88e100",
    "conversation_id": "conv_7f3a91b2",
    "phone": "+15551234567",
    "qualification": {
      "score": 0.87,
      "signals": ["budget", "timeline", "decision_maker"],
      "confidence": "high"
    },
    "campaign_id": "camp_spring_homes",
    "attributes": {
      "listing": "elm-st",
      "budget": 450000
    }
  }
}
Signature verification

Every request carries a Athena-Signature header: a timestamp and an HMAC-SHA256 signature of timestamp.body, keyed by your endpoint's signing secret. Verify both the signature and that the timestamp is within 5 minutes.

// Node.js — verify an AthenaText webhook signature
const crypto = require('crypto');

function verify(rawBody, header, secret) {
  const [tsPart, sigPart] = header.split(',');
  const timestamp = tsPart.split('=')[1];
  const signature = sigPart.split('=')[1];

  const expected = crypto
    .createHmac('sha256', secret)
    .update(timestamp + '.' + rawBody)
    .digest('hex');

  const fresh = Math.abs(Date.now() / 1000 - timestamp) < 300;
  const match = crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
  return fresh && match;
}

Start building with webhooks

Create your first endpoint in the dashboard or via the API. We'll send test events before flipping live traffic so you can verify end to end.

See the API