Webhooks
Events & Payloads
This page covers the different types of webhook events you can subscribe to and the structure of the data we send to your endpoint.
Available Events
domain.flagged.disposable
Triggers when a new domain is flagged as disposable in our systems and you've previously made requests for it using an API key that matches your webhook's environment within the last 30 days.
This is useful for updating your local cache or taking immediate action when a domain you've previously validated becomes flagged as disposable.
domain.flagged.relay
Same as above, but for relay domains.
domain.flagged.spam
Same as above, but for spam domains.
Webhook Payload
When an event occurs, we'll send a POST request to your webhook endpoint with the following structure:
Example Payloads
{
"event": "domain.flagged.disposable",
"created_at": "2025-03-26T14:30:25+00:00",
"data": {
"domain": "example.com"
}
}
Payload Fields
| Field | Type | Description |
|---|---|---|
event |
string | The type of event that occurred |
created_at |
string | ISO 8601 timestamp of when the event occurred |
data |
object | Event-specific data containing relevant information |
Request Headers
When we send a webhook to your endpoint, the request includes several helpful headers:
| Header | Description |
|---|---|
X-UserCheck-Signature |
HMAC SHA-256 signature for verification |
X-UserCheck-Event-Type |
The event type (e.g., domain.flagged.disposable) |
X-UserCheck-Delivery-ID |
Unique identifier for this delivery attempt |
X-UserCheck-Attempt |
Current attempt number |