Webhooks

Real-time event notifications, payload formats, and security verification.

8 min read | Updated 2025-01-14

Webhooks notify your application when events occur in BrightStar. Configure endpoints to receive real-time updates on orders, check-ins, and more.

Available Events

Order Events

order.created - New order placed
order.refunded - Full/partial refund issued
order.cancelled - Order cancelled

Ticket Events

ticket.checked_in - Ticket scanned
ticket.transferred - Ticket sent to new owner

Event Events

event.published - Event went live
event.updated - Event details changed
event.cancelled - Event cancelled

Payload Format

json
// POST to your webhook URL
{
  "id": "whk_abc123xyz",
  "type": "order.created",
  "created_at": "2025-01-15T10:30:00Z",
  "data": {
    "order": {
      "id": "ord_123",
      "event_id": "evt_456",
      "total": 10000,
      "currency": "usd",
      "tickets": [
        {
          "id": "tkt_789",
          "type": "General Admission",
          "attendee_name": "Jane Doe",
          "attendee_email": "jane@example.com"
        }
      ]
    }
  }
}

Signature Verification

javascript
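// Verify webhook authenticity
// Header: X-BrightStar-Signature

const crypto = require("crypto")

function verifyWebhook(payload, signature, secret) {
  // A missing header can never be valid
  if (typeof signature !== "string") return false

  const expected = crypto
    .createHmac("sha256", secret)
    .update(payload)
    .digest("hex")

  const received = Buffer.from(signature)
  const wanted = Buffer.from(`sha256=${expected}`)

  // timingSafeEqual throws if the lengths differ, so check them first
  return (
    received.length === wanted.length &&
    crypto.timingSafeEqual(received, wanted)
  )
}

// Always verify before processing!
// body: the raw request body as received (re-serialized JSON may not match the signed bytes)
if (!verifyWebhook(body, req.headers["x-brightstar-signature"], SECRET)) {
  return res.status(401).send("Invalid signature")
}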

Retry Policy

Initial Delivery

Timeout: 30 seconds
Expected response: HTTP 2xx

Retry Schedule (on failure)

Retry 1: 1 minute
Retry 2: 5 minutes
Retry 3: 30 minutes
Retry 4: 2 hours
Retry 5: 24 hours
After 5 failures: Webhook disabled

Re-enable

Fix endpoint, then re-enable in Settings

Best Practices

Secure webhook handling:

  • Always verify signature before processing
  • Respond with 200 immediately (process async)
  • Handle duplicate deliveries (use webhook ID)
  • Log all received webhooks for debugging
  • Use HTTPS endpoints only
  • Keep webhook secret secure (not in code)

Webhooks will be disabled after 5 consecutive failures. Monitor your endpoint health and check Settings → Webhooks for delivery logs.
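
The practices above combined in one handler, as an added example (not BrightStar's own code): it verifies the signature over the raw bytes, parses only afterwards, and uses the payload `id` to drop duplicate deliveries. `handleDelivery`, `sign`, `seenIds`, `queue` and the secret value are hypothetical names and constructed values; the `sha256=` header format follows the snippet under Signature Verification.

```javascript
const crypto = require("crypto")

// Constructed values and hypothetical names, for illustration only.
const SECRET = "whsec_example_constructed"
const seenIds = new Set() // stand-in for a shared store with expiry
const queue = []          // stand-in for a real job queue

// Builds the header value in the "sha256=<hex>" form used on this page.
function sign(rawBody, secret) {
  const mac = crypto.createHmac("sha256", secret).update(rawBody).digest("hex")
  return `sha256=${mac}`
}

function verifyWebhook(rawBody, signature, secret) {
  if (typeof signature !== "string") return false
  const expected = Buffer.from(sign(rawBody, secret))
  const received = Buffer.from(signature)
  // timingSafeEqual throws on unequal lengths, so compare lengths first
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected)
}

// Returns the HTTP status the endpoint should send for this delivery.
function handleDelivery(rawBody, signature, secret = SECRET) {
  // 1. Authenticate the exact bytes received, before parsing anything.
  if (!verifyWebhook(rawBody, signature, secret)) return 401

  // 2. Parse only after the signature checks out.
  let event
  try {
    event = JSON.parse(rawBody.toString("utf8"))
  } catch {
    return 400
  }
  if (typeof event.id !== "string") return 400

  // 3. A retry can redeliver the same webhook ID: acknowledge, do not reprocess.
  if (seenIds.has(event.id)) return 200
  seenIds.add(event.id)

  // 4. Hand off for async processing and acknowledge immediately.
  queue.push(event)
  return 200
}
```

In production the in-memory `Set` would be a shared store whose entries outlive the retry schedule, since the last retry comes at 24 hours.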
