Webhooks
Receive signed HTTP callbacks when pages are published, updated, or deleted.
Last updated June 2, 2026
Register HTTPS endpoints in Settings to receive lifecycle events from HTMLDrop.
Events
| Event | When |
|---|---|
page.published | New page created via API or editor |
page.updated | Page content updated |
page.deleted | Page removed |
Payload
{
"id": "delivery-uuid",
"event": "page.published",
"createdAt": "2026-06-02T12:00:00.000Z",
"data": {
"slug": "demo",
"url": "https://htmldrop.in/p/demo",
"format": "html",
"title": "Demo"
}
}
Signature verification
Each request includes:
X-HTMLDrop-Event— event nameX-HTMLDrop-Signature— HMAC-SHA256 hex digest of the raw JSON body
Verify with your endpoint signing secret:
import { createHmac, timingSafeEqual } from "crypto";
function verifySignature(secret, body, signature) {
const expected = createHmac("sha256", secret).update(body).digest("hex");
return timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
}
Retries
Failed deliveries retry up to 3 times with backoff. Check delivery status in Settings.