Early bird discounts live! Claim your offer
MemberPass Logo
Back to MemberPass

Outbound Webhooks & Events

Event-driven HTTPS notifications from MemberPass to your server, Zapier, or anywhere else that speaks JSON over POST.

Outbound webhooks let any HTTPS endpoint subscribe to a curated list of MemberPass events. When something happens — a subscription activates, a payment fails, a member is banned — MemberPass POSTs a signed JSON envelope to every endpoint subscribed to that event.

Lifecycle

  1. Create an endpointPOST /v1/webhook-endpoints with {name, url, events[]}. Response includes a one-time secret.
  2. Event fires inside MemberPass — a creator or subscriber action triggers a domain event.
  3. Fan-outWebhookDispatcher looks up every active endpoint subscribed to the event within the firing team / project and queues a DeliverWebhookJob per endpoint on the Horizon webhooks queue.
  4. Delivery — the job POSTs the signed payload. 2xx response → delivered. non-2xx or timeout → retry with exponential backoff.
  5. Retry curve — up to 8 attempts over roughly four days: 10s, 30s, 2m, 10m, 1h, 6h, 24h, 72h.
  6. Dead letter — on the eighth failure the delivery is marked dead. After 20 consecutive failures the endpoint auto-disables until the creator re-enables it.

What lives in every payload

{
  "id": "evt_01HX...",
  "type": "subscription.created",
  "created_at": "2026-05-18T10:05:00Z",
  "api_version": "2026-05-01",
  "project_id": "prj_...",
  "data": { "...event-specific..." }
}
  • id — ULID, unique per delivery. Use it for consumer-side idempotency.
  • type — matches one of the catalog entries.
  • created_at — ISO8601 server time; not the arrival time at your endpoint.
  • api_version — locks the event shape. Breaking-change events will ship under a new version.
  • project_id — null for team-scoped events (e.g., billing.*).
  • data — event-specific payload.

What lives in every request header

  • Content-Type: application/json
  • User-Agent: MemberPass-Webhooks/<version>
  • MP-Signature: t=<unix>,v1=<hex> — HMAC-SHA256 over "<t>.<raw_body>". See signature verification.
  • MP-Event-Id: <ulid> — mirrors payload.id
  • MP-Event-Name: <type> — mirrors payload.type

Reject any request where |now - t| > 300. The 5-minute tolerance window is the replay-attack defence. It's the consumer's job to enforce it; MemberPass enforces it in the verify helper for parity.

Ordering guarantees

  • Deliveries are not strictly ordered. A subscription.expired may arrive before its preceding subscription.cancelled under retry.
  • Consumers should be idempotent on event_id and accept out-of-order delivery. Use the most recent event per resource when reconciling state.

Where to go next

Quickstart

Subscribe to your first event in 5 minutes.

Signature verification

HMAC-SHA256 recipe in Node, PHP, and Python.

Retries and delivery

Backoff curve, dead-letter, and how to replay.

Event reference

All 71 events with required abilities.

How is this guide?

Webhooks Quickstart

Subscribe to an event, receive a signed payload, verify it, respond 200 — end to end in five minutes.

On this page

Lifecycle
What lives in every payload
What lives in every request header
Ordering guarantees
Where to go next

MemberPass is a product designed by you — for you.

No boardroom full of executives deciding what we ships next. Our roadmap always shaped by you with your feedback.

Share feedback or a request