API Reference
Delivery Subscriptions API
Manage generalized delivery subscriptions for webhook, SQS, WebSocket, and SSE event delivery.
The Delivery Subscriptions API provides a generalized subscription model for event delivery across multiple transport types. Each subscription declares which event types to receive, an optional payload filter, and a delivery configuration.
Info
Delivery subscriptions are transport-agnostic. The same API works for webhooks, SQS queues, WebSocket channels, and SSE streams — only the deliveryType and deliveryConfig differ. For SSE-specific token management, see the SSE API.
List Subscriptions
GET /api/delivery-subscriptionsReturns all delivery subscriptions scoped to the current application and environment.
Query Parameters:
| Parameter | Required | Description |
|---|---|---|
externalId | No | Filter by external ID for cross-system correlation |
Example:
GET /api/delivery-subscriptions?externalId=ext_system_abcResponse:
{
"subscriptions": [
{
"id": "dsub_abc123",
"applicationId": "app_abc123",
"environment": "development",
"events": ["session.status"],
"filter": { "installSid": "AI_abc123" },
"deliveryType": "webhook",
"deliveryConfig": {
"url": "https://example.com/webhook",
"secret": "whsec_..."
},
"active": true,
"externalId": "ext_system_abc",
"createdAt": 1710000000000,
"updatedAt": 1710000000000
}
]
}Get Subscription
GET /api/delivery-subscriptions/:idCreate Subscription
POST /api/delivery-subscriptionsRequest Body:
{
"events": ["session.status", "annotation.*"],
"filter": {
"installSid": "AI_abc123"
},
"deliveryType": "webhook",
"deliveryConfig": {
"url": "https://example.com/webhook",
"secret": "whsec_your_secret"
},
"externalId": "ext_system_abc"
}| Field | Required | Description |
|---|---|---|
events | Yes | Array of event type patterns to subscribe to |
deliveryType | Yes | Transport type: webhook, sqs, websocket, or sse |
deliveryConfig | Yes | Transport-specific configuration (see below) |
filter | No | Payload filter — only events matching all key/value pairs are delivered |
externalId | No | Optional external identifier for cross-system correlation |
Delivery Configurations
Webhook:
{
"deliveryType": "webhook",
"deliveryConfig": {
"url": "https://example.com/webhook",
"secret": "whsec_your_secret"
}
}| Field | Required | Description |
|---|---|---|
url | Yes | HTTPS endpoint URL (validated with DNS resolution) |
secret | Yes | Shared secret for HMAC-SHA256 signing |
SQS:
{
"deliveryType": "sqs",
"deliveryConfig": {
"queueUrl": "https://sqs.us-east-1.amazonaws.com/123456789/my-queue",
"region": "us-east-1",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"secretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"messageGroupId": "my-group"
}
}| Field | Required | Description |
|---|---|---|
queueUrl | Yes | Full SQS queue URL (standard or FIFO) |
region | Yes | AWS region (e.g. us-east-1) |
accessKeyId | No | AWS access key ID. If omitted, uses the default credential chain (IAM role, env vars, etc.) |
secretAccessKey | No | AWS secret access key. Required if accessKeyId is provided |
messageGroupId | No | Message group ID for FIFO queues. Enables ordered delivery within the group |
Info
For FIFO queues, include .fifo in the queue URL and set messageGroupId. The system generates a deduplication ID automatically from the subscription ID and timestamp.
WebSocket (future):
{
"deliveryType": "websocket",
"deliveryConfig": {
"channelPrefix": "events"
}
}Payload Filtering (Entity Key Filters)
The filter object limits delivery to events matching specific entity key values. This is the primary mechanism for tenant-scoped subscriptions — ensuring each subscriber only receives events relevant to their tenant/install/account.
{
"filter": {
"installSid": "AI_abc123",
"proctorAccountLocationSid": "PA_xyz789"
}
}Matching rules:
- Every key in
filtermust be present in the event payload - Every value must match (string coercion comparison — handles numeric/string mismatches from CDC data)
- Multiple keys use AND logic — all must match
- Subscriptions with no filter receive all matching events
- The
inoperator is supported for matching multiple possible values:{ "status": { "in": ["active", "pending"] } }
Entity keys available for filtering are defined by the mapping's entityKeys array. These are the payload field names that identify the tenant/entity (e.g., installSid, proctorAccountLocationSid). When a mapping defines entity keys, CDC events include those values in the event payload, enabling O(1) subscription lookup via the Redis subscription index.
Redis Subscription Index (Performance)
When Redis is available, delivery subscriptions with entity key filters are indexed in a Redis hash structure that enables O(1) lookups per entity key value. Instead of scanning all active subscriptions in Postgres on every event, the dispatcher:
- Extracts entity key values from the event payload
- Looks up
delivery:index:{applicationId}:{environment}:{entityKey}:{value}in Redis - Returns only subscriptions that match — no table scan
This is critical for high-throughput CDC pipelines where thousands of events per second need to be matched against potentially thousands of subscriptions.
If Redis is unavailable, the dispatcher falls back to a Postgres scan with in-memory filtering (correct but slower).
Update Subscription
PUT /api/delivery-subscriptions/:idRequest Body (all fields optional):
{
"events": ["session.status"],
"filter": { "installSid": "AI_new" },
"deliveryConfig": {
"url": "https://example.com/webhook-v2",
"secret": "new_secret"
},
"externalId": "ext_updated"
}Activate / Deactivate
POST /api/delivery-subscriptions/:id/activate
POST /api/delivery-subscriptions/:id/deactivateDeactivated subscriptions stop receiving deliveries but are not deleted.
Delete Subscription
DELETE /api/delivery-subscriptions/:id