Webhooks with guaranteed delivery
Get notified in real time when links are clicked, apps are installed, and referrals convert. HMAC-signed payloads with automatic retries and full delivery logs.
Know what happens, when it happens
Subscribe to the events that matter. Every webhook delivers a JSON payload signed with HMAC-SHA256, so you can verify authenticity on your end.
link.clicked
Every deep link click
deferred_link.claimed
Deferred link matched on install
install.tracked
App install detected
referral.created
New referral code used
referral.completed
Referral milestone reached
Built for reliability
Every delivery is signed, retried on failure, and logged for debugging.
HMAC-SHA256 Signatures
Every payload includes an X-Webhook-Signature header. Verify it server-side with your webhook secret to confirm authenticity.
Automatic Retries
Three retry attempts at 1 minute, 5 minutes, and 30 minutes. Any non-2xx response or 10-second timeout triggers a retry.
Delivery Logs
Every attempt is logged with status code, response time, and error message. Retained for 30 days. View the last 50 deliveries per webhook in the dashboard.
POST /your-webhook-endpoint
X-Webhook-Event: link.clicked
X-Webhook-Signature: sha256=a1b2c3...
Content-Type: application/json
User-Agent: Tolinku/1.0
{
"event": "link.clicked",
"timestamp": "2026-02-22T14:30:00Z",
"data": {
"route": "/restaurant/pizza-palace",
"country": "US",
"device": "iPhone",
"platform": "ios"
}
}
Clean, predictable JSON
Every webhook delivers a consistent JSON structure with the event type, ISO timestamp, and relevant data. Use the "Send Test" button in the dashboard to verify your endpoint before going live.
- URL validation blocks private/internal IP addresses (SSRF protection)
- Webhook secret shown once at creation (store it securely)
- "Send Test" button to verify connectivity before going live
Connect your backend to Tolinku
Set up your first webhook in under a minute. Test it before going live.