Create an Event Subscription via the Increase dashboard or POST to the event-subscriptions API endpoint, specifying your publicly accessible HTTPS callback URL and optionally filtering to a single event category.
For each inbound webhook POST, extract the webhook-id, webhook-timestamp, and webhook-signature headers; these follow the Standard Webhooks specification.
Verify the signature by concatenating webhook-id + '.' + webhook-timestamp + '.' + raw_request_body, computing HMAC-SHA256 with your endpoint's signing secret, Base64-encoding the result, and prepending 'v1,'.
Compare the computed signature to the webhook-signature header value using constant-time comparison, and reject requests where webhook-timestamp is older than 5 minutes.
To recover from outages, poll the List Events API ordered by oldest-first using order_by.field=created_at&order_by.direction=ascending and persist the next_cursor across runs.
When the response data array is empty you have reached the most recent event; store the current next_cursor to resume at the next poll cycle.
Known gotchas
Increase retries failed webhooks up to 8 attempts over approximately 72 hours; events not received after that window must be recovered via the List Events API, which retains events for 30 days.
Individual Event objects contain only the associated_object_type and associated_object_id, not the full resource payload — always fetch the referenced resource from the API to get current state.
Webhook deliveries are not guaranteed to arrive in order or exactly once; implement idempotency using the Event id as a deduplication key before processing.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp