Outgoing Webhooks
Expirly can send HTTP POST requests to your endpoints when the status of an item changes. This lets you build your own automations — without a Zapier detour. Available from the Business plan onwards.
Events
| Event | Trigger |
|---|---|
item.expired | Status changes to EXPIRED |
item.renewed | An expired/critical item is renewed |
item.warning | Status changes to WARNING |
item.critical | Status changes to CRITICAL |
Payload
{
"event": "item.expired",
"timestamp": "2026-03-11T08:00:00.000Z",
"item": {
"id": "clx...",
"name": "example.com SSL",
"category": "SSL",
"domain": "example.com",
"expiresAt": "2026-03-10T00:00:00.000Z",
"status": "EXPIRED",
"previousStatus": "CRITICAL"
},
"workspace": {
"id": "ws...",
"name": "My Company"
}
}Setup
- Go to Settings → Notifications → Custom Webhook
- Enter the webhook URL (must be HTTPS)
- Optional: Provide a signing secret for payload verification
Signature verification
When a signing secret is configured, each request includes an X-Expirly-Signature header with an HMAC-SHA256 signature of the request body:
const crypto = require("crypto");
function verifySignature(body, signature, secret) {
const expected = crypto
.createHmac("sha256", secret)
.update(body)
.digest("hex");
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}Retry strategy
Failed deliveries (non-2xx response) are retried up to 3 times with exponentially increasing intervals (1 min, 5 min, 30 min).
Last updated on