Log into the Accredible dashboard and navigate to Settings > Integrations > Webhooks; register a webhook endpoint URL that accepts POST requests with a valid SSL certificate
Select the event types to subscribe to: credential.viewed, credential.shared, credential.downloaded, and credential.created are available event categories
Accredible signs webhook payloads with an HMAC-SHA256 signature sent in the X-Accredible-Signature header; verify this signature by computing HMAC-SHA256 of the raw request body using your webhook secret as the key
Parse the webhook JSON payload: the event object contains event_type, occurred_at, and data containing the credential object with id, recipient name, group_id, and url
Respond with HTTP 200 within 10 seconds; Accredible retries failed deliveries up to 3 times with exponential backoff
Use the credential id from the webhook payload to call GET /v1/credentials/{id} if you need the full credential record, as webhook payloads contain summary data only
Known gotchas
Webhook delivery is not guaranteed to be in order; credential.viewed events may arrive before credential.created if there is a delivery delay—use occurred_at timestamps rather than delivery order for sequencing
Accredible webhooks do not include sensitive PII (email address) in the payload by default; applications that need the recipient's email must make a separate API call using the credential id
HMAC signature verification must be performed on the raw request body bytes before any JSON parsing; parsing and re-serializing the body before verification will cause signature mismatches
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp