Reap sends HTTP POST requests to your endpoint whenever resources change. Use webhooks to stay in sync without polling.
Setup
Provide your webhook URL and signing secret to the Reap team. You can choose which event types to receive.
Your endpoint must return a 2xx status code to acknowledge each delivery. Non-2xx responses or timeouts trigger automatic retries with exponential backoff over approximately 48 hours.
Event envelope
Every delivery wraps event data in a standard envelope:
{
"id": "evt_01J5K7Q8R9T0V1W2X3Y4Z5A6B7",
"type": "CRYPTO_DEPOSIT_CREATED",
"data": {
"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"accountId": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
"chainId": "BASE",
"status": "PENDING",
"amount": "100.00"
}
}
| Field | Type | Description |
|---|
id | string | Unique event ID. Use for idempotency. |
type | string | Event type, e.g. CRYPTO_DEPOSIT_CREATED. |
data | object | Payload matching the corresponding API resource. |
| Header | Description |
|---|
X-Reap-Webhook-Id | Unique event ID (same as id in the body). |
X-Reap-Webhook-Timestamp | Unix timestamp (seconds) of signature generation. |
X-Reap-Webhook-Signature | HMAC-SHA256 signature. See Signature Verification. |
Content-Type | Always application/json. |
Event types
| Event | Description |
|---|
USER_APPLICATION_STATUS_UPDATED | User application status changed (KYC approval, rejection, etc.) |
COMPANY_STATUS_UPDATED | Company status changed (KYB approval, rejection, etc.) |
CRYPTO_DEPOSIT_CREATED | New on-chain deposit detected |
CRYPTO_DEPOSIT_STATUS_UPDATED | Deposit status changed (approved, rejected, etc.) |
CARD_STATUS_UPDATED | Card status changed (activated, frozen, blocked, etc.) |
ACCOUNT_STATUS_UPDATED | Account status changed (restricted, reactivated, etc.) |
CARD_TRANSACTION_CREATED | New card transaction |
CARD_TRANSACTION_UPDATED | Card transaction lifecycle event (clearing, reversal, refund, etc.) |
Payloads match the shape of the corresponding API resource. For example, CRYPTO_DEPOSIT_CREATED data matches GET /crypto-deposits/:id.
Best practices
- Return quickly. Respond with
2xx within a few seconds. Process heavy work in the background.
- Be idempotent. Events may be delivered more than once. Use the
id field to skip duplicates.
- Verify signatures. Always verify the signature before processing.