Test webhook

Free - does not consume credits

curl -X POST https://xquik.com/api/v1/webhooks/15/test \
  -H "x-api-key: xq_YOUR_KEY_HERE" \
  | jq --arg webhook_id "15" '{
    webhook_id: $webhook_id,
    accepted: (.success == true),
    status_code: .statusCode,
    error: (.error // null)
  }'

These snippets shape a small deployment-check record. Store accepted, status_code, and error with the webhook ID instead of printing the full test response.

Path parameters

string

required

The webhook ID to test.

Headers

x-api-key

string

required

Your API key. This endpoint also accepts session cookie authentication.

What happens

Xquik sends a webhook.test event to your endpoint, HMAC-signed with the webhook’s secret:

Payload delivered to your endpoint

{
  "eventType": "webhook.test",
  "data": {
    "message": "Test delivery from Xquik"
  },
  "timestamp": "2026-02-27T12:00:00.000Z"
}

The signed request includes the X-Xquik-Signature, X-Xquik-Timestamp, and X-Xquik-Nonce headers. Verify the signature against the raw request body before parsing JSON, reject stale timestamps, and de-dupe recent nonces exactly as you do for production monitor deliveries. The webhook must be active. If isActive is false, Xquik returns webhook_inactive and sends no test request. Reactivate with Update Webhook, then test again before sending production monitor events to that receiver. The test endpoint does not return or rotate the signing secret. Keep using the secret returned by Create Webhook for signature verification, and keep raw request bodies, raw signatures, and full headers out of deployment logs. webhook.test payloads include eventType, data, and timestamp. They do not include deliveryId or streamEventId, so use them for reachability and signature checks rather than receiver idempotency checks.

Response

success

boolean

true when your endpoint responded with a 2xx status code.

statusCode

number

The HTTP status code returned by your endpoint.

{
  "success": true,
  "statusCode": 200
}

success

boolean

false when your endpoint returned a non-2xx status or was unreachable.

statusCode

number

The HTTP status code returned by your endpoint, or 0 if unreachable.

error

string

Error description (e.g. "HTTP 500" or a network error message).

{
  "success": false,
  "statusCode": 500,
  "error": "HTTP 500"
}

{ "error": "invalid_id", "message": "Invalid webhook ID format" }

The provided webhook ID is not a valid format.

{ "error": "webhook_inactive", "message": "Cannot test an inactive webhook." }

The webhook is disabled. Reactivate it via Update Webhook before testing.

{ "error": "unauthenticated", "message": "Missing or invalid API key" }

Missing or invalid API key / session cookie.

{ "error": "not_found", "message": "Webhook not found" }

No webhook exists with this ID, or it belongs to a different account.

{ "error": "rate_limit_exceeded", "message": "Too many requests. Try again later.", "retryAfter": 60 }

Too many requests. Wait for the Retry-After header before retrying.

Test result handoff

Use this endpoint before routing production monitor events to a new receiver or after changing webhook code, secrets, firewall rules, or queue routing.

Receiver accepted

Treat success: true and a 2xx statusCode as proof that the receiver accepted the signed webhook.test request.

Receiver rejected

Treat success: false with a non-2xx statusCode as a receiver error. Fix the endpoint before waiting for the next production monitor event.

Endpoint unreachable

Treat statusCode: 0 as a network or reachability failure. Check DNS, TLS, firewall rules, and the public HTTPS URL.

Error string

Store error with your deployment logs so support, queue, or incident workers can see the latest test failure reason.

Inactive webhook

webhook_inactive means no test was sent. Reactivate the webhook with Update Webhook, then test again.

Signature path

Validate X-Xquik-Signature, X-Xquik-Timestamp, and X-Xquik-Nonce on the raw request body before accepting test or production events.

Test payload

webhook.test payloads include eventType, data, and timestamp. They do not include deliveryId or streamEventId.

Production triage

After the receiver accepts this signed test, use List Deliveries to debug real monitor events. Delivery rows contain id, streamEventId, status, attempts, lastStatusCode, lastError, createdAt, and deliveredAt.

Event join

For failed or exhausted production deliveries, use delivery streamEventId as the {id} for Get Event. Store the event monitorId, monitorType, type, occurredAt, and data with the receiver incident.

This endpoint supports dual authentication: API key (x-api-key header) or session cookie from the dashboard.Related: List Webhooks · List Deliveries · Get Event · Webhook Verification

Documentation Index

​Path parameters

​Headers

​What happens

​Response

​Test result handoff

Receiver accepted

Receiver rejected

Endpoint unreachable

Error string

Inactive webhook

Signature path

Test payload

Production triage

Event join

Path parameters

Headers

What happens

Response

Test result handoff