In the Deel developer portal, register a webhook endpoint URL and select the event types you want to receive (e.g., contract created, worker onboarded, payslip generated, termination initiated)
Implement HTTPS endpoint in your application to receive POST requests from Deel; respond with HTTP 200 within the timeout window to acknowledge receipt
Validate webhook authenticity by verifying the signature header on each incoming request using the webhook secret from the Deel portal
Parse the event payload, extract the event type and relevant resource IDs, and trigger your downstream workflow (e.g., provision accounts on worker onboard, revoke access on termination)
Implement idempotency in your event handler using the event ID to prevent duplicate processing if Deel retries delivery
Log all received events and acknowledgment status for audit and debugging purposes
Known gotchas
Deel will retry unacknowledged webhook deliveries; if your endpoint is slow to respond, you may receive duplicate events — always implement idempotent processing keyed on the event ID
Webhook secrets must be rotated periodically and stored in a secrets manager, not in application code or environment variables committed to source control
Not all Deel lifecycle events are available as webhooks in all account tiers; confirm event availability for your Deel plan before designing workflows that depend on specific events
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp