Webhooks allow you to listen to certain events on Toornament.
When one of those events happen, an HTTP POST request is sent to your configured webhook URL.
A webhook is linked to an application. You can find the list of your webhooks on the Applications page.
Example of a webhook
"name": "My webhook",
Example of a subscription
First you need to define a webhook (see webhook endpoint).
Each webhook subscription (see subscription endpoint)
scope_id parameters used to limit the entity events the webhook listens to.
Available Webhook Scopes
The Toornament Webhook API currently support the following webhook scope:
listens to a specific tournament. The
scope_id is the
Triggers when a registration is created.
Triggers when information of a registration is updated.
Triggers when a registration status becomes accepted.
Triggers when a registration status becomes refused.
Triggers when a registration status becomes pending.
Triggers when a registration status becomes cancelled.
Triggers when a registration is deleted.
Triggers when a participant is created.
Triggers when information of a participant is updated.
Triggers when a participant is checked in.
Triggers when a participant is checked out.
Triggers when a participant is deleted.
Triggers when a tournament registration process starts.
Triggers when a tournament registration process ends.
Triggers when a tournament check-in process starts.
Triggers when a tournament check-in process ends.
The following information is passed along in the raw body of the post request of the webhook (json encoded):
Entity type concerned by the event.
Entity id concerned by the event.
Scope concerned by the event.
Scope id concerned by the event.
Timestamp of the event trigger in seconds.
Format: RFC 3339 (combined date, time and utc offset)
Available Object Types
You can retrieve the registration on the organizer registration endpoint. The
object_id is the
You can retrieve the participant on the organizer participant endpoint. The
object_id is the
You can retrieve the tournament on the organizer tournament endpoint. The
object_id is the same as the
Webhook URL legitimation
To ensure your webhook URL is a legit URL, a HTTP HEAD request will be sent with the
To validate your webhook, the response to this request must return a 200 HTTP Response with the same
X-Webhook-Secret header as you will need it for payload validation.
In each HTTP POST webhook, a
X-Webhook-Signature header is added to the request to ensure that payload has not been altered.
To validate the body content you need to concatenate the body response with the
X-Webhook-Secret header and hash the result with
The result string must be the same as the
If the Toornament servers can not contact the webhook URL, the servers will try to send the data again during the next 24 hours.
So we can not ensure the event payloads will be delivered in the correct order.
To prevent any error, we recommend you retrieve the entity concerned by the event to make sure you have its latest state.