# Webhooks

Webhook management is Plane B.

## Subscribe

Create a subscription with:

```http
POST /internal/webhooks/subscriptions
X-Plug-Wallet-Api-Key: <api-key>
```

Use event patterns such as:

```json
["wallet.*", "kyc.verification.updated", "contract.vault.recorded"]
```

## Delivery safety

- Always verify webhook signatures.
- Respond quickly with a 2xx status.
- Make handlers idempotent.
- Store event IDs and ignore duplicates.
- Replay failed deliveries from `/internal/webhooks/deliveries/{id}/replay`.

## Event ownership

The webhook payload reports what happened. It is not the source of truth. Fetch the canonical resource from the API before making irreversible decisions.
