Skip to main content
Webhook configuration is done during Partner onboarding. You provide Suki with the callback URL (the full URL of the endpoint that will receive POST requests). This URL is stored at the partner level and is used for all webhook notifications for your organization. Suki also gives you a secret key on your partner record. You use that key only on your server to prove each incoming POST really came from Suki (see Signature verification). Treat it like a password.

How it works

Diagram: provide callback URL during partner onboarding, Suki stores it on the partner record, and sends HTTPS POST notifications when sessions complete or fail During onboarding you share your callback URL with Suki. Suki stores it on your partner record along with your secret key. When an Ambient session completes or fails, Suki sends a single POST to that URL. Your server verifies the signature, processes the payload, and returns 2xx.
You cannot register or change your webhook URL through a self-service portal or API. Provide your callback URL to the Suki team (for example, during partner onboarding). Suki will configure it for your partner account and confirm the URL with you once it is set.
Your endpoint must follow these requirements:
  • Accept POST requests over HTTPS only, with TLS 1.2 or higher. Suki will not send webhooks to HTTP URLs.
  • Be reachable from the internet (no localhost or private IPs in production).
  • Respond with 2xx (for example, 200) on successful receipt so Suki can consider the notification delivered. Handle validation and business logic after returning 200 if needed.

Security best practices

Your callback URL must use HTTPS with TLS 1.2 or higher. Never use plain HTTP for webhooks.

Next steps

Refer to Signature verification for HMAC-SHA-256 verification steps and Python and TypeScript examples. Refer to Security & best practices for platform-wide guidance.
Last modified on June 12, 2026