Webhooks
Conto sends HTTP POST requests to your configured URL when payments progress, an A2A payment request is created, a service spend record is written, or an agent is frozen or unfrozen.Setup
- Go to Settings > Webhooks in the dashboard
- Enter your HTTPS endpoint URL
- Copy the generated signing secret, you’ll need this to verify payloads
Event Types
Payload Format
Every webhook POST includes these headers and a JSON body:Headers
Body
Verifying Signatures
Every payload is signed with your webhook secret using HMAC-SHA256. Verify signatures to confirm the request came from Conto.Retry Behavior
Failed deliveries are retried up to 3 times with exponential backoff:
A delivery is considered failed if your endpoint returns a non-2xx status code or doesn’t respond within 10 seconds.
Agent Callback URLs
In addition to organization-level webhooks, individual agents can have acallbackUrl set during creation. When set, webhooks are delivered to both the organization URL and the agent’s callback URL.
Delivery Targets
Both targets receive the same payload format and signature headers.