A

Real-time

Webhooks & events.

Subscribe your backend to WhatsApp events. Buzpo delivers HMAC-signed POSTs with retries; the engine mirrors Baileys's "log + continue" semantics so a slow webhook never blocks delivery.

Per-session URLs

Each session can have its own webhook endpoint and HMAC secret.

No sessions configured yet.

Event types

v1
  • message_received
    Inbound text/media from any peer or group
    live
  • message_sent
    Outbound message acked by WhatsApp
    live
  • message_failed
    Send failure surfaced from the gateway
    live
  • qr_updated
    Fresh QR ready during pairing
    live
  • session.connected
    Session opened a live WhatsApp Web socket
    live
  • session.disconnected
    Socket closed (auto-reconnect pending)
    live
  • session.logged_out
    Phone unlinked — fresh QR required
    live

Verify signatures

Every delivery includes X-Buzpo-Signature: sha256=<hex> computed over the raw body.

import crypto from "node:crypto";

export function verifyBuzpo(req: Request, secret: string, raw: string) {
  const sig = req.headers.get("x-buzpo-signature")?.replace("sha256=", "");
  const expected = crypto.createHmac("sha256", secret).update(raw).digest("hex");
  return sig === expected;
}