Webhook Events
All webhook event types, payloads, and signature verification for ClientCasa integrations.
Webhooks send real-time HTTP POST notifications to your server when events occur in ClientCasa. Use them to trigger workflows, sync data, and build custom integrations.
Configuration
Configure webhooks in your dashboard at Settings > Webhooks. For each endpoint you can:
- Set a destination URL that receives POST requests
- Choose which events to subscribe to
- Add a signing secret for HMAC-SHA256 signature verification
- Enable or disable the endpoint without deleting it
Signature Verification
When you configure a signing secret, ClientCasa includes two headers on every delivery for verification:
| Header | Description |
|---|---|
X-Signature | HMAC-SHA256 signature in the format sha256=hex_digest |
X-Webhook-Timestamp | Unix timestamp (seconds) for replay protection |
The signature is computed over {timestamp}.{body}. Verify it like this:
const crypto = require('crypto')
function verifyWebhookSignature(body, timestamp, signature, secret) {
// Reject old timestamps (> 5 minutes) to prevent replay attacks
const now = Math.floor(Date.now() / 1000)
if (Math.abs(now - parseInt(timestamp)) > 300) {
throw new Error('Timestamp too old')
}
const expected = crypto
.createHmac('sha256', secret)
.update(`${timestamp}.${body}`)
.digest('hex')
const received = signature.replace('sha256=', '')
if (
!crypto.timingSafeEqual(
Buffer.from(expected, 'hex'),
Buffer.from(received, 'hex'),
)
) {
throw new Error('Invalid signature')
}
}Always verify signatures
If you configure a signing secret, always verify the signature before processing the payload. Use timingSafeEqual to prevent timing attacks.
Event Types
Proposal & Document Events
A proposal is one client-facing page assembled from blocks. These events track it through its lifecycle. (The smart_file_ prefix is ClientCasa's internal name for these documents — subscribe to the literal event strings below.)
| Event | Description |
|---|---|
smart_file_sent | A proposal has been sent to a client |
smart_file_viewed | A client has opened a proposal for the first time |
smart_file_accepted | A client has accepted (and signed, if applicable) a proposal |
smart_file_completed | A proposal's required actions are all complete |
smart_file_expired | A proposal has passed its expiration date |
Contract Events
These track standalone contracts (sent for e-signature) through their lifecycle.
| Event | Description |
|---|---|
contract_sent | A contract has been sent to its signers |
contract_viewed | A signer has opened the contract for the first time |
contract_signed | The contract has been signed |
contract_recipient_signed | An individual signer has completed their signature |
contract_countersigned | The contract has been countersigned by your side |
contract_completed | All required signatures are complete |
contract_expired | A contract has passed its expiration date without being signed |
contract_voided | A contract has been voided |
Invoice & Payment Events
| Event | Description |
|---|---|
invoice_sent | An invoice has been sent to a client |
invoice_viewed | A client has opened an invoice for the first time |
invoice_due_soon | An invoice is approaching its due date |
invoice_overdue | An invoice has passed its due date |
invoice_payment_reminder | A payment reminder has been sent for an outstanding invoice |
invoice_paid | A client has paid an invoice |
invoice_payment_failed | A payment attempt has failed |
invoice_disputed | A payment has been disputed |
payment_received | A payment was recorded (any method — card, ACH, cash, check, transfer) |
payment_applied | A payment was applied to an invoice |
payment_unapplied | A payment was removed from the invoice it was applied to |
payment_refunded | A payment of any type was refunded |
payment_chargeback | A payment was charged back (Stripe dispute funds withdrawn) |
payment_deleted | A recorded payment was deleted |
subscription_payment_failed | An automatic recurring-billing charge failed |
Payout Events (bank deposits)
| Event | Description |
|---|---|
payout_paid | A Stripe payout has successfully deposited to your bank account. Payload includes deposit amount, bank last 4, and reconciliation totals (grossTotal, feeTotal, refundTotal, paymentCount). |
payout_failed | A Stripe payout failed to deposit. Payload includes the failure code and human-readable failure message. |
Receipt Events
| Event | Description |
|---|---|
receipt_sent | A receipt has been sent to a client |
Payment Schedule Events
| Event | Description |
|---|---|
schedule_deposit_ready | A deposit invoice is ready |
schedule_installment_due | An installment payment is due |
schedule_installment_paid | An installment payment has been received |
schedule_completed | All payments in a schedule are complete |
Document Intelligence Events
| Event | Description |
|---|---|
document_processed | A document has finished AI processing |
document_needs_review | A document has actions requiring manual review |
document_failed | Document processing has failed |
document_action_created | An AI-proposed action is awaiting approval |
document_action_approved | An AI-proposed action has been approved |
Entity Events
| Event | Description |
|---|---|
client_created | A new client has been created |
contact_created | A new contact has been created |
project_created | A new project has been created |
time_entry_created | A new time entry has been logged |
Project & Other Events
| Event | Description |
|---|---|
form_submission_completed | A form (e.g. a questionnaire) was filled out and submitted |
milestone_approaching | A project milestone is approaching its due date |
timer_running_reminder | A time-tracking timer has been left running |
Lead & lifecycle events
A lead is a client at an early lifecycle stage, so the whole lead-to-customer journey is covered by these events (they replaced the older inquiry events).
| Event | Description |
|---|---|
lead_created | A new lead has been captured (e.g. an inquiry form submission) |
lead_status_changed | A lead moved between lifecycle stages (new → contacted → qualified) |
client_won | A lead became an active client |
client_lost | A lead was marked declined or lost |
Payload Format
All webhook deliveries use this envelope format:
{
"event": "invoice_paid",
"timestamp": "2026-03-14T15:30:00.000Z",
"data": {
"documentType": "invoice",
"documentId": "inv_abc123",
"documentNumber": "INV-0042",
"amount": 2500.00,
"client": {
"id": "client_xyz",
"name": "Acme Corp"
},
"contact": {
"id": "contact_123",
"name": "Jane Smith",
"email": "jane@acme.com"
}
}
}The data object varies by event type but always includes identifiers for the relevant resources. Payment-related events include additional fields:
{
"event": "invoice_paid",
"timestamp": "2026-03-14T15:30:00.000Z",
"data": {
"documentType": "invoice",
"documentId": "inv_abc123",
"documentNumber": "INV-0042",
"amount": 2500.00,
"client": {
"id": "client_xyz",
"name": "Acme Corp"
},
"contact": {
"id": "contact_123",
"name": "Jane Smith",
"email": "jane@acme.com"
},
"paymentMethod": "card",
"last4": "4242",
"brand": "visa"
}
}Retry Policy
Delivery retries
Your endpoint must respond with a 2xx status code within 10 seconds or the delivery is considered failed. Each event is attempted up to 5 times before being marked failed. Ensure your handler returns quickly --- offload heavy processing to a background job.
Auto-disable after repeated failures
If an endpoint returns 5 consecutive failures (non-2xx responses, timeouts, or connection errors), ClientCasa automatically disables it to stop wasting deliveries. A single successful delivery resets the failure counter. Once you have fixed your endpoint, re-enable it from Settings > Webhooks.
Inbound webhooks
The events above are outbound — ClientCasa delivering notifications to your endpoints. ClientCasa also receives webhooks from the services that power its money, messaging, and signing features:
- Stripe — payment and payout reconciliation (payment intent state changes, charges, disputes, payouts).
- Resend — inbound email replies (routed into your message threads) and delivery feedback (bounces, complaints).
- Firma — e-signature status updates for contracts and agreements.
These inbound integrations are platform-managed and not user-configurable — there is nothing to set up, and they are listed here only so you understand how data flows into your account.