> ## Documentation Index
> Fetch the complete documentation index at: https://apidocs.erlc.gg/llms.txt
> Use this file to discover all available pages before exploring further.

# Event Webhooks

### **Event webhooks**

To receive event webhooks from the game:

1. Open your private server settings.
2. Search for **Event Webhook**.
3. Paste an **HTTPS URL** that can receive **JSON** `POST` requests.

Your endpoint must verify Ed25519 signatures on every request. The game will only save webhook URLs that pass our validation check.

***

### **Requirements**

#### **Your endpoint must accept**

* `POST` requests with a JSON body
* These headers on every signed request:
  * `X-Signature-Ed25519` (hex-encoded Ed25519 signature)
  * `X-Signature-Timestamp` (Unix timestamp string)

#### **Your endpoint must:**

1. Read the **raw request body bytes** exactly as received (do not re-serialize JSON).
2. Read `X-Signature-Timestamp`.
3. Read `X-Signature-Ed25519`.
4. Verify the signature over:
   ( message = timestamp + raw\_body )
   Where `timestamp` is the header value as a string, concatenated directly with the raw body bytes.
5. Return:
   * **2xx** only if the signature is valid
   * **4xx** if headers are missing, malformed, or signature verification fails

***

### **Public key**

Use this Ed25519 Public key (base64, SubjectPublicKeyInfo / SPKI):

Copy

```text theme={null}
MCowBQYDK2VwAyEAjSICb9pp0kHizGQtdG8ySWsDChfGqi+gyFCttigBNOA=
```

***

### **Implementation Details**

#### **Inputs**

* `timestamp`: the exact string from `X-Signature-Timestamp`
* `sigHex`: the exact string from `X-Signature-Ed25519` (hex)
* `rawBody`: raw request bytes

#### **Steps**

1. Decode `sigHex` from hex to bytes.
2. Build `message` as:
   * bytes of `timestamp` in UTF-8
   * followed immediately by `rawBody`
3. Verify Ed25519 signature using the public key above.

#### **Common pitfalls**

* Do not use a parsed JSON object when verifying. You must use the raw body.
* Do not add separators or whitespace between timestamp and body.
* Treat the signature as hex, not base64.
* Ensure your framework does not auto-consume the body before you capture it.

***

## **What events are sent?**

Currently, the game will send a webhook for:

* Messages starting with **;**
  * This allows your integration to create custom in-game commands!
* Emergency Calls

More events may be added in the future. Please note: the webhook system is not intended to replace polling the HTTP APIs.
