Webhooks & API

Extend Velt with webhooks and a REST API.

Integrate seamlessly with your systems: perform CRUD on every Velt feature, server-side, and receive a signed, retried webhook for every event, from humans and agents alike.

// Stop polling and screen-scraping. The same data your frontend sees is available server-side, and every change can push to you.

Free tier. No credit card. Signed webhooks on every plan.

POST /v2/organizations/add
Authorization: Bearer sk_live_***

{
  "organizationId": "acme",
  "name": "Acme Corp"
}

bearer auth · CRUD on every feature

View API docs

3M+ comments created in products built on Velt.

Teams wired Velt into their backend in an afternoon.Compare Velt

What it is

One event and provisioning surface.

The Velt REST API lets you programmatically perform CRUD operations on every feature: comments, organizations, users, documents, recordings, and notifications. Webhooks push the other direction: every event fires a signed payload to your endpoints with retries, rate limiting, payload transforms, custom encryption, and failure recovery. Humans and agents are treated the same, because an agent is a user with type agent, so its activity reaches your backend in the same event stream beside human users.

Event delivery · filing-q3signed ↓
09:02comment.added firedagent
09:02Webhook delivered to api.acme.com200
09:14review.approved firedhuman
09:14Retry 1 succeeded after timeout200

one event surface for humans and agents: fire, sign, retry, prove

How it works

Key, call, subscribe.

Create an API key, call any feature from your server, and point a webhook endpoint at your backend.

01Create an API key
console.velt.dev
# create an API key in the console
# console.velt.dev, or from code:
POST /v2/workspace/apikey/create
{ "name": "acme", "environment": "production" }
02Call the REST API
server.ts
// call any feature from your server
GET /v2/comments?documentId=filing-q3
Authorization: Bearer sk_live_***
03Subscribe to webhooks
webhooks
// point a webhook endpoint at your backend
// every event is signed, retried, and delivered
POST https://api.acme.com/velt-hooks
With Velt

Everything to integrate, included.

Signed REST endpoints cover every feature, server-side. Webhooks deliver every event with HMAC SHA-256 signing, retries with backoff, rate limiting, payload transforms, customer-managed encryption, failure recovery, and two-way Slack sync. Platform-management REST APIs cover the workspace lifecycle: keys, domains, auth tokens, and the email, notification, webhook, activity, and permission configs.

signed, retried, encrypted, recovered

Build it yourself

An in-house event pipeline is a project.

  • Signed delivery with verifiable HMAC signatures
  • Retries with backoff and a dead-letter recovery path
  • Rate limiting so a burst never drops events
  • Payload transforms to fit your downstream schema
  • Customer-managed encryption for sensitive payloads
  • Two-way Slack sync and pre-built connectors

Velt ships the whole event and provisioning surface with the SDK, so your engineers wire integrations instead of building delivery infrastructure.

Skip the glue code. Provision from code.

Use the REST APIs or the Velt MCP server for agents that set up and query Velt.

POST /v2/organizations/add

Get a signed API key and start integrating today.

No credit card.

Get Free API Key

Showcase

Everything you need to integrate in production.

Six capabilities, one surface. Toggle to Code where it is API driven.

01rest api
GET /v2/comments?documentId=filing-q3
→ 142 records

every Velt feature, server-side

// rest api
GET /v2/comments?documentId=filing-q3
Authorization: Bearer sk_live_***

Extensive REST API coverage

Programmatically perform CRUD on every Velt feature: comments, organizations, users, documents, recordings, and notifications. The same data your frontend sees, server-side.

02webhooks
event: comment.added → 200 OK
event: review.approved → 200 OK

HMAC SHA-256 · x-velt-signature

// webhooks
event: comment.added200 OK
x-velt-signature: t=1718,v1=9f2c...

Signed webhooks

Every event fires a signed webhook. Verify the x-velt-signature HMAC SHA-256 header before processing, and failed signatures are dropped and retried.

03slack
SL

#filing-q3 · new comment synced to Slack

two-way sync · reply from Slack

synced
// slack
// comment.added → #filing-q3
// reply in Slack → synced back

Two-way Slack sync

Sync comments and threads to Slack and reply from Slack back into your product. Keep the conversation in both places without copy-paste.

04transforms
// transform the payload before delivery
webhook.transform = (event) => ({
  type: event.event,
  doc: event.documentId,
  actor: redact(event.user)
})
// transforms
webhook.transform = (e) => ({ doc: e.documentId, actor: redact(e.user) })

Payload transforms

Reshape the payload before delivery so it fits your downstream schema, and redact fields you do not want to leave Velt.

05encryption
Webhook configbyok
encryptioncmek://acme
signatureHMAC SHA-256
headerscustom
// encryption
webhook.encryption.key = cmek://acme
webhook.headers = { 'x-tenant': id }

Custom encryption

Encrypt webhook payloads with your own keys so sensitive content stays under your control end to end, plus custom signing headers.

06recovery
delivery failed → retry 1 (2s)
retry 1 failed → retry 2 (8s)
retry 2 → 200 OK

retries · rate limiting · failure recovery

// recovery
delivery failedretry 1 (2s) → retry 2 (8s) → 200 OK

Retries and failure recovery

Retries with backoff, rate limiting, and a recovery path mean a slow or down endpoint never silently drops an event.

Little big details

The whole integration surface, in one place.

The showcase is the highlight reel. This is the index.

CRUD REST endpoints for commentsCRUD for organizations and usersCRUD for documents and foldersRecordings and notifications APIsBearer token authenticationHMAC SHA-256 webhook signingx-velt-signature verification headerRetries with exponential backoffRate limiting with burst capacityPayload transforms before deliveryCustomer-managed payload encryptionCustom webhook headersFailure recovery and replayTwo-way Slack syncMessaging, storage, CRM, analytics connectorsWorkspace lifecycle REST APIsAPI key and Managed Domain managementEmail, notification, and activity config APIsPermission-provider config APIMCP server for setup and queries

Make it yours

Wire it your way.

The API and webhooks are the contract; what you build on them is yours.

Pull

Read every feature through the REST API to populate your warehouse, your CRM, or your own dashboards, on your schedule.

Your pipelinevia REST
GET /v2/comments→ your warehouse
GET /v2/users→ your CRM

Push

Transform and encrypt payloads, set custom headers, choose which events fire, and recover failures, all per endpoint.

webhook.transform = (e) => redact(e)
webhook.encryption.key = cmek://acme
webhook.headers = { 'x-tenant': id }

In production

See the API and webhooks on your work.

Where the integration surface fits, by team.

Cotton Supplier Ltd.

Mid Weight Indigo Denim

Farm

AgriCotton Farms

Village Kheda, Gujarat, India

Cotton Yarn1

SpinCo Yarns

18 Narol Rd, Gujarat, India

Manufacturer

DyeWorks International

Calle de Mayo, Mexico

Maya2m

Can you attach the GOTS cert for this lot before we approve? @Sean

1 Reply

Route every event into your ops stack, with retries and a recovery path so nothing drops.For operations

See webhooks fire on your data.

30 minutes, with an engineer.

Book Demo
SOC 2 Type IIHIPAA with BAASelf-hostingMulti-regionBYOK encryption

Webhook payloads support bring-your-own-key encryption, with SOC 2 Type II and HIPAA with a BAA. See Enterprise and Self-hosting.

View Trust Center

FAQ

Questions buyers and agents ask.

Programmatically perform CRUD operations on every Velt feature: comments, organizations, users, documents, recordings, and notifications. The same data your frontend sees is available server-side via signed REST endpoints.

Each webhook payload is signed with HMAC SHA-256 using your project's secret. Verify the x-velt-signature header before processing. Failed signature checks are dropped and retried.

Default 100 requests per second per API key, with burst capacity for write traffic. Reach out for higher limits; enterprise plans get custom quotas plus dedicated retry queues.

Deliveries are retried with exponential backoff and held for recovery, so a slow or temporarily unavailable endpoint does not silently drop events. You can replay failed deliveries once your endpoint is healthy.

Yes. You can reshape the payload before delivery to fit your downstream schema, redact fields, set custom headers, and encrypt payloads with your own keys for end-to-end control.

Yes. An agent is a user with type agent, so agent comments, approvals, and actions fire the same signed webhooks as human activity, with the actor type on the payload.

Yes. Platform-management REST APIs cover the workspace lifecycle: create and get a workspace, create, update, and list API keys, manage domains and auth tokens, and read or update the email, notification, webhook, activity, and permission-provider configs. You can also use the Velt MCP server.

Create a free API key in the console, call any feature from your server with a bearer token, and point a webhook endpoint at your backend. Signed webhooks are available on every plan.

Extend Velt with webhooks and a REST API.

Free tier. No credit card.

Signed webhooks on every plan.