Webhooks
Receive real-time HTTP callbacks when events occur in Legistry AI.
Setup
Configure a webhook endpoint in Settings → Webhooks or via the API:
POST /api/v1/webhooks/subscribe{
"url": "https://yourapp.com/webhooks/legistry",
"events": ["contract.created", "signature.completed", "compliance.alert"],
"secret": "your-webhook-secret"
}Event Types
| Event | Triggered When |
|---|---|
contract.created | A new contract is created |
contract.updated | A contract is modified |
contract.deleted | A contract is deleted |
contract.analyzed | AI analysis completes |
signature.requested | Signature request sent |
signature.viewed | Signer viewed the document |
signature.completed | Signature collected |
signature.declined | Signer declined |
signature.expired | Request expired |
compliance.alert | New compliance issue found |
vendor.created | New vendor added |
vendor.risk_assessed | Risk assessment completed |
team.member_joined | New team member registered |
Payload Format
{
"event": "signature.completed",
"timestamp": "2026-03-08T14:30:00Z",
"data": {
"signature_id": "sig-uuid",
"contract_id": "contract-uuid",
"signer_name": "Jane Smith",
"signer_email": "jane@acme.com"
},
"organization_id": "org-uuid"
}Security
Every webhook request includes a signature header:
X-Legistry-Signature: sha256=abc123...
X-Legistry-Event: signature.completed
X-Legistry-Delivery: unique-delivery-idVerifying Signatures
import hmac
import hashlib
def verify_webhook(payload: bytes, signature: str, secret: str) -> bool:
expected = hmac.new(
secret.encode(),
payload,
hashlib.sha256
).hexdigest()
return hmac.compare_digest(f"sha256={expected}", signature)Retry Policy
Failed deliveries are retried up to 3 times with exponential backoff:
| Attempt | Delay |
|---|---|
| 1 | Immediate |
| 2 | 30 seconds |
| 3 | 5 minutes |
If all retries fail, the webhook is marked as failed in the dashboard.