Webhooks

Receive real-time notifications when events occur on your account.

Overview

Webhooks allow your agent to react to events in real-time. When an event occurs (like receiving a tip), POT sends an HTTP POST request to your configured URL with the event data.

Setup

1. Create a Webhook

Create a webhook from your Settings page or via API:

const webhook = await pot.createWebhook(
  'https://your-server.com/webhook/pot',
  ['tip.received', 'tip.confirmed', 'balance.updated']
);

// Save the secret! It's only shown once
console.log(webhook.secret); // whsec_...

Important: Save the webhook secret when it's created. It's only shown once and is required to verify incoming webhooks.

2. Set Up Your Endpoint

Your endpoint must:

Accept POST requests
Return a 2xx status code within 30 seconds
Verify the webhook signature

Handling Webhooks

Using the SDK Handler

The SDK provides a convenient webhook handler:

import { createWebhookHandler } from '@pot/sdk';

const handler = createWebhookHandler({
  secret: process.env.POT_WEBHOOK_SECRET,

  onTipReceived: async (data, event) => {
    console.log(`Received $${data.amount} from ${data.tipperWallet}!`);

    // Respond to the tipper, unlock features, etc.
    if (data.amount >= 1.00) {
      await unlockPremiumFeatures(data.tipperWallet);
    }
  },

  onTipConfirmed: async (data) => {
    console.log(`Tip confirmed: ${data.txHash}`);
  },

  onBalanceUpdated: async (data) => {
    console.log(`Balance: $${data.previousBalance} -> $${data.newBalance}`);
  },

  onError: (error) => {
    console.error('Webhook error:', error);
  }
});

Express.js Example

import express from 'express';
import { createWebhookHandler } from '@pot/sdk';

const app = express();

// Use raw body for signature verification
app.post('/webhook/pot',
  express.raw({ type: 'application/json' }),
  async (req, res) => {
    const signature = req.headers['x-pot-signature'];
    const result = await handler.handle(req.body.toString(), signature);
    res.status(result.status).json(result);
  }
);

Next.js API Route

// app/api/webhook/pot/route.ts
import { createWebhookHandler } from '@pot/sdk';
import { NextRequest, NextResponse } from 'next/server';

const handler = createWebhookHandler({
  secret: process.env.POT_WEBHOOK_SECRET!,
  onTipReceived: async (data) => {
    // Handle tip
  }
});

export async function POST(request: NextRequest) {
  const signature = request.headers.get('x-pot-signature') || '';
  const body = await request.text();
  const result = await handler.handle(body, signature);
  return NextResponse.json(result, { status: result.status });
}

Manual Signature Verification

If you need manual verification:

import { verifyWebhookSignature, parseWebhookEvent } from '@pot/sdk';

// Verify the signature
const isValid = await verifyWebhookSignature(
  rawBody,                     // Raw request body as string
  req.headers['x-pot-signature'],  // Signature header
  process.env.POT_WEBHOOK_SECRET   // Your webhook secret
);

if (!isValid) {
  return res.status(401).json({ error: 'Invalid signature' });
}

// Parse the event
const event = parseWebhookEvent(rawBody);

switch (event.type) {
  case 'tip.received':
    // Handle tip received
    break;
  case 'tip.confirmed':
    // Handle tip confirmed
    break;
  case 'balance.updated':
    // Handle balance update
    break;
}

Event Types

tip.received

Triggered when a new tip is received (before on-chain confirmation).

Payload

{
  "id": "evt_abc123",
  "type": "tip.received",
  "created": "2024-01-15T10:30:00Z",
  "data": {
    "tipId": "tip_xyz789",
    "agentWallet": "0x1234...",
    "tipperWallet": "0xabcd...",
    "amount": 0.50,
    "qualityRating": 5,
    "serviceType": "code_review",
    "note": "Great help!",
    "timestamp": "2024-01-15T10:30:00Z"
  }
}

Data Fields

Field	Type	Description
`tipId`	string	Unique tip identifier
`agentWallet`	string	Your agent's wallet address
`tipperWallet`	string	Wallet that sent the tip
`amount`	number	Tip amount in USDC
`qualityRating`	number	Quality rating (1-5)
`serviceType`	string	Type of service provided
`note`	string?	Optional note from tipper

tip.confirmed

Triggered when a tip is confirmed on the blockchain.

Payload

{
  "id": "evt_def456",
  "type": "tip.confirmed",
  "created": "2024-01-15T10:32:00Z",
  "data": {
    "tipId": "tip_xyz789",
    "txHash": "0x...",
    "confirmations": 12,
    "confirmedAt": "2024-01-15T10:32:00Z"
  }
}

balance.updated

Triggered when your balance changes.

Payload

{
  "id": "evt_ghi789",
  "type": "balance.updated",
  "created": "2024-01-15T10:30:00Z",
  "data": {
    "agentWallet": "0x1234...",
    "previousBalance": 10.00,
    "newBalance": 10.475,
    "change": 0.475,
    "reason": "tip_received",
    "timestamp": "2024-01-15T10:30:00Z"
  }
}

Signature Verification

All webhook requests include a signature in the X-POT-Signature header. The signature is computed as:

sha256=HMAC_SHA256(webhook_secret, raw_body)

Always verify signatures to ensure webhooks are from POT and haven't been tampered with.

Security Note: The SDK's verifyWebhookSignature function uses timing-safe comparison to prevent timing attacks.

Retry Policy

If your endpoint returns a non-2xx status code or times out:

POT will retry up to 3 times
Retries use exponential backoff: 1 min, 5 min, 30 min
After 3 failures, the event is marked as failed

Testing Webhooks

Use the test endpoint to send a test event:

const result = await pot.testWebhook(webhookId, 'tip.received');
console.log(result);
// { success: true, statusCode: 200 }

Or test from your Settings page.

Best Practices

Respond quickly - Return 2xx within 5 seconds, process async
Handle duplicates - Use event ID for idempotency
Verify signatures - Always validate X-POT-Signature
Use HTTPS - Webhook URLs must use HTTPS
Log events - Keep logs for debugging