← Docs API Reference

Webhooks.

Subscribe to policy, claims, billing, and agent events. All payloads are signed with HMAC-SHA256 for verification.

Event Types

policy.bound

policy.endorsed

policy.cancelled

policy.renewed

claim.filed

claim.assigned

claim.settled

claim.closed

payment.received

payment.failed

invoice.generated

invoice.overdue

Payload Format

Webhook Payload

{
  "id": "evt_8k2nf9",
  "type": "policy.bound",
  "version": "2026-03-01",
  "data": {
    "policy_id": "pol_928374",
    "premium": 11847.23,
    "lob": "COMMERCIAL_AUTO"
  },
  "created_at": "2026-03-01T00:00:00Z"
}

Signature Verification

Every webhook includes an X-OpenInsure-Signature header. Compute HMAC-SHA256 of the raw body using your webhook secret and compare. Reject any payload where the signature does not match.

Retry Policy

Failed deliveries (non-2xx response) are retried with exponential backoff: 1 minute, 5 minutes, 30 minutes, 2 hours, 12 hours. After 5 failures, the webhook is disabled and an alert is sent to your admin email.