Skip to main content
POST
/
webhooks
curl --request POST \
  --url https://api.kardow.com/webhooks \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <api-key>' \
  --data '
{
  "event": "*",
  "target_type": "webhook",
  "target_url": "https://example.com/kardow/webhook",
  "secret": "replace-with-a-16-char-secret"
}
'
{
  "data": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "target_url": "<string>",
    "is_enabled": true,
    "created_at": "2023-11-07T05:31:56Z",
    "updated_at": "2023-11-07T05:31:56Z"
  }
}

Documentation Index

Fetch the complete documentation index at: https://kardow.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Register a URL to receive POST requests whenever events happen on your job board. Supports generic webhooks, Discord, and Slack.

Request Body

event
string
required
The event to subscribe to. Use * to receive all events.Available events:
  • job.created — a new job is posted
  • job.updated — a job is edited
  • job.approved — a job is approved / set to active
  • job.expired — a job expires
  • job.deleted — a job is deleted
  • job.status_changed — any status transition
  • application.received — a new application is submitted
  • application.status_changed — an application status changes
  • user.created — a new job board user is created
  • subscription.created — a subscription starts
  • subscription.canceled — a subscription ends
  • payment.received — a payment succeeds
  • * — all events
target_type
string
required
The type of endpoint: webhook, discord, or slack.
target_url
string
required
The URL that will receive POST requests.
secret
string
An HMAC signing secret (min 16 characters). When provided, every delivery includes an X-Kardow-Signature header so you can verify authenticity. Only used for webhook target type.

Webhook Payload

Every delivery sends a JSON body like this: 
{
  "event": "job.created",
  "organization_id": 42,
  "timestamp": "2025-07-19T12:00:00.000Z",
  "data": {
    "job_id": "abc-123",
    "title": "Senior Engineer",
    "company_name": "Acme Inc",
    "status": "active",
    "location": "Remote"
  }
}
Discord and Slack targets automatically format the payload into embeds / blocks.

Signature Verification

If you provided a secret, verify deliveries like this: 
const crypto = require('crypto');

function verifySignature(body, secret, signature) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(body)
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(signature)
  );
}

Examples

Subscribe to all job events via webhook

cURL
curl --request POST \
  --url "https://api.kardow.com/webhooks" \
  --header "x-api-key: your-api-key-here" \
  --header "Content-Type: application/json" \
  --data '{
    "event": "job.created",
    "target_type": "webhook",
    "target_url": "https://example.com/my-webhook",
    "secret": "my-signing-secret-1234"
  }'

Subscribe a Discord channel

cURL
curl --request POST \
  --url "https://api.kardow.com/webhooks" \
  --header "x-api-key: your-api-key-here" \
  --header "Content-Type: application/json" \
  --data '{
    "event": "*",
    "target_type": "discord",
    "target_url": "https://discord.com/api/webhooks/123/abc"
  }'

Response

data
object

Authorizations

x-api-key
string
header
required

API key for authentication. Get yours from Settings > API Keys in the Kardow dashboard.

Body

application/json
event
enum<string>
required
Available options:
job.created,
job.updated,
job.approved,
job.expired,
job.deleted,
job.status_changed,
application.received,
application.status_changed,
user.created,
subscription.created,
subscription.canceled,
payment.received,
*
target_type
enum<string>
required
Available options:
webhook,
discord,
slack
target_url
string<uri>
required
secret
string
Minimum string length: 16

Response

Existing subscription returned

data
object
required