Webhooks

ExaRoutes can deliver a webhook every time a dynamic QR is scanned. Use webhooks to forward scan events to your own systems (CRM, data warehouse, Slack notifier, etc.).

Configuring a webhook

From the dashboard at Settings → Integrations, add a webhook URL. Each webhook is workspace- scoped and can be configured to fire on specific events:

scan.created: every dynamic QR scan
form.submitted: every scan-to-form submission
qr.created, qr.updated, qr.deleted
domain.verified

Delivery format

{
  "id": "evt_abc123",
  "type": "scan.created",
  "createdAt": "2026-04-25T15:00:00Z",
  "data": {
    "qrId": "qr_abc123",
    "shortId": "ABC123",
    "country": "US",
    "region": "CA",
    "device": "mobile",
    "os": "iOS",
    "browser": "Safari",
    "isUnique": true
  }
}

Signing

Each webhook delivery includes a X-ExaRoutes-Signature header containing an HMAC-SHA256 signature of the request body, signed with your webhook secret. Verify it server-side before trusting the payload.

Retries

Failed deliveries (non-2xx response or timeout) are retried with exponential backoff up to 5 attempts: 30s, 5m, 30m, 2h, 6h. After the final attempt, the delivery is marked failed and visible in the dashboard’s webhook delivery log.

QR endpoints Error codes