Event model
Every event is named{domain}.{action} — for example order.filled, transfer.deposit.completed, kyc.verification.approved. Subscribe to a whole domain with a wildcard: order.*, transfer.*.
List the available event types with GET /v1/webhooks/event-types.
Registering an endpoint
Create a webhook withPOST /v1/webhooks, passing your url and the events you want in eventTypeNames (an array of event names or wildcards):
eventTypeNames — not events. Manage endpoints with GET /v1/webhooks, PATCH /v1/webhooks/{webhook_id}, and DELETE /v1/webhooks/{webhook_id}.
Webhook management is a tenant-level operation. Investor-scoped API keys are
rejected on these routes.
Delivery and retries
POST with the event payload and expects a 2xx promptly. If your endpoint fails or times out, delivery is retried with exponential backoff; after retries are exhausted the event is parked for replay.
Handle delivery defensively:
- Respond fast — return
2xxquickly and process asynchronously. - Expect duplicates — the same event may arrive more than once; dedupe on the event id.
- Verify signatures — validate the signature header so you only act on genuine Bluum requests.
- Use HTTPS — required for production endpoints.
For registering an endpoint and consuming events step by step, see the journey guide:
Handle webhooks. Webhook schemas are in the
API reference.