Skip to Content

Webhooks

Webhooks push GPTfake alerts to your endpoint the moment they are detected, so you don’t have to poll. Subscribe to specific event types and models, and we deliver a signed JSON payload to your URL.

Create a subscription

POST /webhooks
curl -X POST https://api.gptfake.com/v1/webhooks \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "url": "https://your-app.com/webhook", "events": ["policy_change", "censorship_spike"], "models": ["chatgpt", "claude"] }'

Response:

{ "id": "wh_3a90", "url": "https://your-app.com/webhook", "events": ["policy_change", "censorship_spike"], "models": ["chatgpt", "claude"], "secret": "whsec_...", "status": "active" }

Events

EventFired when
policy_changeA model’s stated policy or observed rules change
censorship_spikeA refusal rate rises sharply versus baseline

See Alerts for how these events are detected.

Delivery payload

When an event fires we POST a payload to your url:

{ "id": "evt_77c2", "type": "censorship_spike", "model": "chatgpt", "data": { "category": "political", "delta": "+5.8pp", "detected_at": "2024-11-24T06:00:00Z" }, "methodology": "https://gptfake.com/monitoring/methodology" }

Verify signatures

Each delivery includes an X-GPTfake-Signature header — an HMAC of the raw body using your subscription secret. Recompute it and compare before trusting a payload.

Always verify the signature and respond 2xx quickly. We retry failed deliveries with exponential backoff; non-2xx responses are treated as failures.

Manage subscriptions

GET /webhooks # list subscriptions GET /webhooks/{id} # retrieve one DELETE /webhooks/{id} # remove one

Managing webhooks via OAuth requires the webhooks.write scope — see OAuth 2.0.

Next steps