Skip to main content
POST
/
webhooks
Create webhook
curl --request POST \
  --url https://xquik.com/api/v1/webhooks \
  --header 'Content-Type: <content-type>' \
  --header 'x-api-key: <api-key>' \
  --data '
{
  "url": "<string>",
  "eventTypes": [
    "<string>"
  ]
}
'

Documentation Index

Fetch the complete documentation index at: https://docs.xquik.com/llms.txt

Use this file to discover all available pages before exploring further.

Free - does not consume credits
curl -X POST https://xquik.com/api/v1/webhooks \
  -H "x-api-key: xq_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-server.com/webhook",
    "eventTypes": ["tweet.new", "tweet.reply"]
  }' | jq

Headers

x-api-key
string
required
Your API key. Session cookie authentication is also supported.
Content-Type
string
required
Must be application/json.

Body

url
string
required
HTTPS endpoint URL where events will be delivered. HTTP URLs are rejected. URLs resolving to private or internal IP addresses (localhost, 10.x.x.x, 172.16-31.x.x, 192.168.x.x, 169.254.x.x) are also rejected.
eventTypes
string[]
required
Array of event types to subscribe to. At least 1 required. Valid types: tweet.new, tweet.reply, tweet.quote, tweet.retweet.

Valid event types

tweet.new

Original tweet from an account monitor or matching keyword monitor. Use for new posts that are not replies, quotes, or retweets.

tweet.quote

Quote tweet from an account monitor or matching keyword monitor. Pair with monitors that include tweet.quote.

tweet.reply

Reply from an account monitor or matching keyword monitor. Pair with monitors that include tweet.reply.

tweet.retweet

Retweet from an account monitor or matching keyword monitor. Pair with monitors that include tweet.retweet.
webhook.test is sent only by the Test Webhook endpoint. It is not a subscribable eventTypes value.

Integration handoff

Use this endpoint after creating an account monitor with POST /monitors or a keyword monitor with POST /monitors/keywords. The webhook stores the HTTPS endpoint and event-type filter. Active monitors produce the events; webhook delivery is included with monitor billing. Store these fields immediately after creation:

Webhook ID

Store id for POST /webhooks/{id}/test, updates, deletes, and delivery lookups.

Delivery URL

Store url to audit which queue, CRM, warehouse, or app endpoint receives monitor events.

Event Filter

Store eventTypes; keep the webhook filter aligned with the account or keyword monitor event types.

Signing Secret

Store secret once and use it to verify X-Xquik-Signature on the raw request body.

Created At

Store createdAt for audit logs and configuration drift checks.

Delivery Payload

Expect HTTPS POST bodies with eventType, schemaVersion, deliveryId, streamEventId, occurredAt, data, plus username for account monitor events or query for keyword monitor events.
Every delivery includes X-Xquik-Signature, X-Xquik-Timestamp, and X-Xquik-Nonce headers. Use deliveryId as the per-endpoint idempotency key and streamEventId when one monitor event must be processed once across retries or endpoints. Test the endpoint with POST /webhooks/{id}/test before routing production events. Return a 2xx response within 10 seconds, then process slow Slack, CRM, warehouse, or queue work asynchronously. Use Signature Verification to validate the raw request body before processing.

Response

id
string
Unique webhook identifier.
url
string
The registered delivery endpoint.
eventTypes
string[]
Event types this webhook is subscribed to.
secret
string
HMAC signing secret (64-character hex string). Store securely. Returned only at creation time.
createdAt
string
ISO 8601 creation timestamp.
{
  "id": "15",
  "url": "https://your-server.com/webhook",
  "eventTypes": ["tweet.new", "tweet.reply"],
  "secret": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
  "createdAt": "2026-02-24T10:30:00.000Z"
}
The secret is returned only once. Store it securely. You need it to verify webhook signatures. It cannot be retrieved again.
This endpoint supports dual authentication: API key (x-api-key header) or session cookie from the dashboard.Next steps: List Webhooks · Signature Verification · Webhooks Overview
Last modified on May 14, 2026