Receive real-time HTTP notifications when events happen in your account — bandwidth thresholds, pool health changes, payment events, and more. Build automated workflows that respond instantly.
Configure webhooks from the Dashboard under Settings → Notifications. Set up a publicly accessible HTTPS URL to receive event payloads.
bandwidth.thresholdTriggered when bandwidth usage reaches 50%, 80%, 90%, or 100% of your plan limit.
bandwidth.exhaustedTriggered when bandwidth is fully consumed. Proxy requests will be paused.
pool.createdA new proxy pool was created via API or dashboard.
pool.deletedA proxy pool was deleted.
pool.health.degradedPool success rate drops below 90%.
session.expiredA sticky session TTL expired and the IP was released.
apikey.createdA new API key was generated.
apikey.revokedAn API key was revoked or deleted.
account.payment.successPayment processed successfully.
account.payment.failedPayment attempt failed.
{ "id": "evt_abc123def456", "type": "bandwidth.threshold", "created": "2026-03-10T14:30:00Z", "data": { "threshold": 80, "used_gb": 80.5, "limit_gb": 100, "remaining_gb": 19.5, "reset_date": "2026-04-01T00:00:00Z" }}Every webhook request includes a X-ZentisLabs-Signature header. Always verify this signature to ensure the request came from ZentisLabs.
import hmacimport hashlibfrom flask import Flask, request, jsonify
app = Flask(__name__)WEBHOOK_SECRET = "whsec_your_signing_secret"
def verify_signature(payload: bytes, signature: str) -> bool: expected = hmac.new( WEBHOOK_SECRET.encode(), payload, hashlib.sha256 ).hexdigest() return hmac.compare_digest(f"sha256={expected}", signature)
@app.route("/webhooks/zentislabs", methods=["POST"])def handle_webhook(): signature = request.headers.get("X-ZentisLabs-Signature", "") if not verify_signature(request.data, signature): return jsonify({"error": "Invalid signature"}), 401 event = request.json event_type = event["type"] if event_type == "bandwidth.threshold": threshold = event["data"]["threshold"] remaining = event["data"]["remaining_gb"] print(f"Bandwidth alert: {threshold}% used, {remaining}GB remaining") elif event_type == "pool.health.degraded": pool = event["data"]["pool_name"] success_rate = event["data"]["success_rate"] print(f"Pool {pool} degraded: {success_rate}% success rate") return jsonify({"received": True}), 200import express from "express";import crypto from "crypto";
const app = express();const WEBHOOK_SECRET = "whsec_your_signing_secret";
function verifySignature(payload: string, signature: string): boolean { const expected = crypto .createHmac("sha256", WEBHOOK_SECRET) .update(payload) .digest("hex"); return crypto.timingSafeEqual( Buffer.from(`sha256=${expected}`), Buffer.from(signature) );}
app.post("/webhooks/zentislabs", express.raw({ type: "application/json" }), (req, res) => { const signature = req.headers["x-zentislabs-signature"] as string; if (!verifySignature(req.body.toString(), signature)) { return res.status(401).json({ error: "Invalid signature" }); } const event = JSON.parse(req.body.toString()); switch (event.type) { case "bandwidth.threshold": console.log(`Bandwidth: ${event.data.threshold}% used`); break; case "account.payment.failed": console.log("Payment failed — action required"); break; } res.json({ received: true });});Never process webhook payloads without verifying the HMAC signature.
Return 200 within 5 seconds. Process events asynchronously if needed.
Use the event ID for idempotency. The same event may be delivered twice.
Webhook URLs must use HTTPS. HTTP endpoints are rejected.