Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.cs2cap.com/llms.txt

Use this file to discover all available pages before exploring further.

The Webhooks API lets Quant accounts register outbound alert destinations that receive real-time alert.triggered events. Custom and Google Sheets destinations receive the signed CS2Cap event JSON. Discord and Telegram destinations receive native message payloads formatted for those platforms. You can inspect delivery history, check retry attempts, and rotate signing secrets without downtime.
Webhooks are available on Quant accounts only.

GET /account/webhooks

Returns all outbound webhook destinations configured for your account. Auth: Bearer token · Rate limit: Standard per-tier RPM 
curl -sS \
  -H "Authorization: Bearer $CS2C_API_KEY" \
  "$CS2C_API_BASE/account/webhooks"
Response example
{
  "webhooks": [
    {
      "id": "3b1f1d4c-7b8e-4cc8-bb7b-5d8d0d2a7e11",
      "label": "Production alerts",
      "url": "https://hooks.example.com/cs2c",
      "platform": "custom",
      "secret_last4": "9f2a",
      "is_active": true,
      "last_success_at": "2026-04-12T18:20:11Z",
      "last_failure_at": null,
      "last_failure_message": null,
      "created_at": "2026-04-01T12:00:00Z",
      "updated_at": "2026-04-12T18:20:11Z"
    }
  ]
}
webhooks[].id
string
UUID for this webhook destination.
webhooks[].label
string
Display name for the webhook.
webhooks[].url
string
Delivery URL.
webhooks[].platform
string
Delivery platform key: custom, discord, telegram, or google_sheets.
webhooks[].secret_last4
string
Last four characters of the signing secret. The full secret is shown only at creation or rotation.
webhooks[].is_active
boolean
Whether the webhook is currently receiving deliveries.
webhooks[].last_success_at
string | null
ISO 8601 timestamp of the most recent successful delivery, or null if none has occurred yet.
webhooks[].last_failure_at
string | null
ISO 8601 timestamp of the most recent failed delivery, or null.
webhooks[].last_failure_message
string | null
Error message from the most recent failure, or null.

POST /account/webhooks

Creates one outbound webhook destination and returns its signing secret. Auth: Bearer token · Rate limit: Standard per-tier RPM 
curl -sS -X POST \
  -H "Authorization: Bearer $CS2C_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"label":"Production alerts","url":"https://hooks.example.com/cs2c","platform":"custom","is_active":true}' \
  "$CS2C_API_BASE/account/webhooks"
label
string
required
Display name for the webhook (e.g., Production alerts).
url
string
required
Delivery URL. Must be a valid HTTP or HTTPS endpoint.
platform
string
default:"custom"
Delivery platform key. Use custom for signed CS2Cap JSON, discord for Discord webhooks, telegram for Telegram Bot API sendMessage URLs, or google_sheets for Apps Script-style receivers. Telegram URLs must include a chat_id query parameter.
is_active
boolean
default:"true"
Set to false to register the webhook in a paused state.
Request body
{
  "label": "Production alerts",
  "url": "https://hooks.example.com/cs2c",
  "platform": "custom",
  "is_active": true
}
Response example
{
  "webhook": {
    "id": "3b1f1d4c-7b8e-4cc8-bb7b-5d8d0d2a7e11",
    "label": "Production alerts",
    "url": "https://hooks.example.com/cs2c",
    "platform": "custom",
    "secret_last4": "9f2a",
    "is_active": true,
    "last_success_at": null,
    "last_failure_at": null,
    "last_failure_message": null,
    "created_at": "2026-04-12T18:20:11Z",
    "updated_at": "2026-04-12T18:20:11Z"
  },
  "secret": "whsec_live_8f4f4f4c"
}
secret
string
Full plaintext signing secret for this webhook. Use this to verify the X-CS2Cap-Signature header on incoming deliveries.
The signing secret is returned once only at creation. Copy and store it securely before closing the response. After this, only secret_last4 is available. To get a new secret, use the rotate-secret endpoint.

GET /account/webhooks/deliveries

Returns outbound webhook delivery jobs for your account, newest first. Auth: Bearer token · Rate limit: Standard per-tier RPM 
curl -sS \
  -H "Authorization: Bearer $CS2C_API_KEY" \
  "$CS2C_API_BASE/account/webhooks/deliveries?limit=25&offset=0"
limit
integer
default:"25"
Page size, clamped to 1–100.
offset
integer
default:"0"
Zero-based starting position.
Response example
{
  "deliveries": [
    {
      "id": "deliv_01J0Y8QYVQW4H6Q3S9JX3B4G6H",
      "event_id": "evt_01J0Y8QYVQW4H6Q3S9JX3B4G6H",
      "endpoint_id": "3b1f1d4c-7b8e-4cc8-bb7b-5d8d0d2a7e11",
      "endpoint_label": "Production alerts",
      "endpoint_url": "https://hooks.example.com/cs2c",
      "platform": "custom",
      "event_type": "alert.triggered",
      "status": "succeeded",
      "attempt_count": 1,
      "last_http_status": 200,
      "error": null,
      "next_attempt_at": null,
      "created_at": "2026-04-12T18:20:11Z",
      "completed_at": "2026-04-12T18:20:12Z"
    }
  ],
  "pagination": {
    "limit": 25,
    "offset": 0,
    "total": 1
  }
}
deliveries[].id
string
Delivery job ID.
deliveries[].event_id
string
ID of the alert event that triggered this delivery.
deliveries[].endpoint_id
string
UUID of the webhook destination.
deliveries[].platform
string
Platform snapshot used for this delivery.
deliveries[].event_type
string
Event type. Currently always alert.triggered.
deliveries[].status
string
Delivery status: pending, succeeded, or failed.
deliveries[].attempt_count
integer
Total number of delivery attempts made.
deliveries[].last_http_status
integer | null
HTTP status code returned by your endpoint on the last attempt.
deliveries[].next_attempt_at
string | null
ISO 8601 timestamp for the next retry, or null if no retry is scheduled.

GET /account/webhooks/deliveries/:id

Returns one webhook delivery job and its full attempt history. Auth: Bearer token · Rate limit: Standard per-tier RPM 
curl -sS \
  -H "Authorization: Bearer $CS2C_API_KEY" \
  "$CS2C_API_BASE/account/webhooks/deliveries/YOUR_DELIVERY_ID"
delivery_id
string
required
Delivery job ID to retrieve.
Response example
{
  "id": "deliv_01J0Y8QYVQW4H6Q3S9JX3B4G6H",
  "event_id": "evt_01J0Y8QYVQW4H6Q3S9JX3B4G6H",
  "endpoint_id": "3b1f1d4c-7b8e-4cc8-bb7b-5d8d0d2a7e11",
  "endpoint_label": "Production alerts",
  "endpoint_url": "https://hooks.example.com/cs2c",
  "platform": "custom",
  "event_type": "alert.triggered",
  "status": "succeeded",
  "attempt_count": 1,
  "last_http_status": 200,
  "error": null,
  "next_attempt_at": null,
  "created_at": "2026-04-12T18:20:11Z",
  "completed_at": "2026-04-12T18:20:12Z",
  "payload": {
    "alert_id": "6a49b4bc-95c6-4c98-8d40-5e3fca7b15e4",
    "item_id": 156,
    "market_hash_name": "AK-47 | Redline (Field-Tested)"
  },
  "attempts": [
    {
      "attempt_number": 1,
      "status": "succeeded",
      "http_status": 200,
      "error": null,
      "response_body_excerpt": null,
      "created_at": "2026-04-12T18:20:12Z"
    }
  ]
}
payload
object
The JSON body that was sent to your endpoint for this delivery.
attempts
array
Ordered list of delivery attempts for this job.

PATCH /account/webhooks/:id

Updates the editable fields of a webhook destination. Auth: Bearer token · Rate limit: Standard per-tier RPM 
curl -sS -X PATCH \
  -H "Authorization: Bearer $CS2C_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"label":"Production alerts v2","is_active":false}' \
  "$CS2C_API_BASE/account/webhooks/YOUR_WEBHOOK_ID"
webhook_id
string
required
UUID of the webhook to update.
label
string
Updated display name.
url
string
Updated delivery URL (HTTP or HTTPS).
platform
string
Updated delivery platform key. If set to telegram, the delivery URL must include a chat_id query parameter.
is_active
boolean
Updated active state. Set to false to pause deliveries without deleting the webhook.
Request body
{
  "label": "Production alerts v2",
  "url": "https://hooks.example.com/cs2c-v2",
  "platform": "custom",
  "is_active": true
}
Omit any field to leave it unchanged.

DELETE /account/webhooks/:id

Deletes an outbound webhook destination. Pending deliveries for this destination are cancelled. Auth: Bearer token · Rate limit: Standard per-tier RPM 
curl -sS -X DELETE \
  -H "Authorization: Bearer $CS2C_API_KEY" \
  "$CS2C_API_BASE/account/webhooks/YOUR_WEBHOOK_ID"
webhook_id
string
required
UUID of the webhook to delete.
Response example
{
  "ok": true
}

POST /account/webhooks/:id/rotate-secret

Rotates the signing secret for a webhook destination and returns the new secret once. Auth: Bearer token · Rate limit: Standard per-tier RPM 
curl -sS -X POST \
  -H "Authorization: Bearer $CS2C_API_KEY" \
  "$CS2C_API_BASE/account/webhooks/YOUR_WEBHOOK_ID/rotate-secret"
webhook_id
string
required
UUID of the webhook whose secret you want to rotate.
Response example
{
  "webhook": {
    "id": "3b1f1d4c-7b8e-4cc8-bb7b-5d8d0d2a7e11",
    "label": "Production alerts",
    "url": "https://hooks.example.com/cs2c",
    "secret_last4": "4c11",
    "is_active": true,
    "last_success_at": "2026-04-12T18:20:11Z",
    "last_failure_at": null,
    "last_failure_message": null,
    "created_at": "2026-04-01T12:00:00Z",
    "updated_at": "2026-04-12T18:20:11Z"
  },
  "secret": "whsec_live_9b1e2c3d"
}
secret
string
The new plaintext signing secret. Replace your stored secret with this value immediately.
The rotated secret is returned once only. Update your application’s secret value before closing the response. Any deliveries signed with the old secret will fail verification after rotation.
Last modified on May 31, 2026