Documentation Index
Fetch the complete documentation index at: https://docs.redbark.co/llms.txt
Use this file to discover all available pages before exploring further.
Webhooks are in beta. The payload format and delivery behaviour may change.
type field.
Webhooks support bank transaction syncs and brokerage trade syncs. Brokerage holdings are not sent to webhook destinations; use a Google Sheets destination if you need holdings snapshots. All payloads are signed with HMAC-SHA256. See the API reference for the full payload and verification details.
Setup
Enter your webhook URL
Click Add Destination, select Webhook, and enter the HTTPS URL where you want to receive transaction data. Plain HTTP is not supported.
Generate and copy your signing secret
Click Generate Secret. A signing secret is displayed immediately. Copy it now. It is only shown once. Use this secret to verify incoming webhook signatures on your server.
How it works
On each sync, Redbark:- Checks for previously delivered entities: transaction and trade IDs that were successfully delivered before are tracked to prevent duplicates
- Sends new and updated entities: a JSON payload is POSTed to your URL containing any new records (and, for transactions, status updates such as pending to posted)
- Chunks large syncs: if there are more than 500 records, they are split into multiple requests of up to 500 each, delivered sequentially
type field — transactions.synced or trades.synced — to route the payload on your side.
Each request includes HMAC-SHA256 signature headers for verification. See the API reference for the full payload schema and verification guide.
Delivery and retries
Each delivery attempt is logged and visible in the Deliveries view (accessible from the destination’s three-dot menu). If a delivery fails, Redbark retries with exponential backoff:| Attempt | Delay |
|---|---|
| 1st | Immediate |
| 2nd | 1 second |
| 3rd | 3 seconds |
| 4th | 9 seconds |
- 2xx responses are treated as successful. The consecutive failure counter resets.
- 429 (rate limit) responses are retried.
- Other 4xx responses are not retried (the request is malformed or rejected).
- 5xx responses and network errors are retried.
Auto-disable
If a webhook fails 5 consecutive times (across separate sync runs), the destination is automatically disabled. You can re-enable it from the destination’s three-dot menu. Delivery resumes on the next sync. A single successful delivery resets the failure counter.Managing your webhook
From the three-dot menu on a webhook destination card:- Deliveries: view the last 50 delivery attempts with status codes, duration, and errors
- Edit URL: change the endpoint (generates a new signing secret; copy it and update your server, then test)
- Rotate Secret: generate a new signing secret (copy it and update your server, then test)
- Re-enable: re-enable a disabled webhook (delivery resumes on the next sync)
- Delete: remove the webhook destination
Security
- HTTPS required: webhook URLs must use HTTPS to protect data in transit
- HMAC-SHA256 signing: every payload is signed so you can verify it came from Redbark
- Replay protection: the signature includes a timestamp; reject requests older than 5 minutes
- Encrypted storage: your signing secret is encrypted at rest with AES-256-GCM
- Per-destination secrets: each webhook destination has its own unique signing secret