Documentation
Generic Webhooks
RivalVantage POSTs a signed JSON payload to your endpoint when a competitor event fires.
Payload schema
{
"event": "competitor.change_detected",
"workspace_id": 123,
"timestamp": "2026-03-28T10:00:00Z",
"competitor": { "name": "Acme Corp" },
"change": {
"category": "pricing_shift",
"significance": "high",
"significance_score": 85,
"event_type": "pricing_shift",
"summary": "Removed free tier from pricing page",
"source_url": "https://acme.com/pricing"
}
} Verifying signatures
Every request includes X-RivalVantage-Signature (sha256=...) and X-RivalVantage-Timestamp. Compute HMAC-SHA256(rawBody, signingSecret) and compare with timing-safe equality.
Node.js
import { createHmac, timingSafeEqual } from 'node:crypto';
function verifySignature(rawBody, signingSecret, signatureHeader) {
const expected = 'sha256=' + createHmac('sha256', signingSecret)
.update(rawBody).digest('hex');
return timingSafeEqual(Buffer.from(expected), Buffer.from(signatureHeader));
} Python
import hmac, hashlib
def verify_signature(raw_body: bytes, secret: str, header: str) -> bool:
expected = 'sha256=' + hmac.new(
secret.encode(), raw_body, hashlib.sha256
).hexdigest()
return hmac.compare_digest(expected, header) Delivery behavior
- 5 second timeout per request
- No automatic retries in v1
- High-significance events fire immediately; medium events fire during digest window
- Use the Test button in Settings → Integrations to verify your endpoint