Skip to main content
Webhooks let your server react to changes in the Padel API the moment they happen — no polling required. Register a public HTTPS endpoint, pick the events you care about, and we’ll POST a signed JSON payload to your URL each time one of them fires.

Push, not poll

Get notified within seconds of a tournament, match, or player change.

Signed & retried

Every payload is HMAC-SHA256 signed and retried up to 3 times on failure.

Prerequisites

Before you begin, make sure you have:
  • A Padel API account (sign up here)
  • An API token from your API Tokens page
  • A Business subscription (upgrade here) — required to register new webhooks
  • A public HTTPS endpoint that accepts POST requests with a JSON body

Step 1: Register a Webhook

Create a webhook subscription with POST /api/webhooks, sending the URL you control and the list of events you want to receive:

Response

The full secret is returned only once, on creation. Store it somewhere safe — subsequent reads return a masked value (********...XXXX) and there is no way to recover the original. If lost, delete the webhook and create a new one.

Step 2: Receive Events

Each time a subscribed event fires, we send a POST request to your URL with this body:

Payload reference

Request headers

Respond with any 2xx status code as fast as possible (within 3 seconds). Heavy processing should happen in a background job — if your endpoint times out, the delivery is retried.

Step 3: Verify the Signature

Always verify the Signature header before trusting a payload — it confirms the request came from the Padel API and was not tampered with in transit. The signature is calculated as:
Use a constant-time comparison (crypto.timingSafeEqual, hmac.compare_digest, hash_equals) to avoid timing attacks. A plain === comparison leaks information about the secret.

Step 4: Manage Retries and Failures

If your endpoint returns a non-2xx response or doesn’t reply within 3 seconds, we retry the delivery automatically. After 3 failed attempts, the event is dropped and logged on our side. The webhook itself is not automatically disabled.
Webhooks deliver events at-least-once. Network retries or transient errors may produce duplicates — make your handler idempotent by deduplicating on data.id + event + occurred_at.

Step 5: Update or Pause a Webhook

Change the URL or the list of subscribed events without recreating the webhook (and without losing the secret) using PATCH /api/webhooks/{id}:
Send an empty events array to pause delivery without deleting the webhook:
To stop a webhook permanently, delete it with DELETE /api/webhooks/{id}:
You can list every webhook you own with GET /api/webhooks, or fetch one by id with GET /api/webhooks/{id}.

Available Events

The data field of each event contains the same shape as the corresponding REST resource — see the API Reference for the exact schema of each one.

Tips

Use WebSockets for point-by-point live scoreboards where every second matters and your client is a browser or mobile app. Use Webhooks for backend integrations: syncing your own database, triggering notifications, updating CRMs — anything where a server-to-server push is more natural than a persistent connection. See WebSockets for the live alternative.
Webhooks require a public HTTPS endpoint, but you don’t need to deploy. Tools like ngrok, Cloudflare Tunnel or Tailscale Funnel expose your local server with a temporary HTTPS URL — register that URL as your webhook target during development, then update it to your real endpoint when you go live.
Webhooks only fire for changes that happen after the subscription is created. To bootstrap your local copy, do an initial fetch with the REST endpoints (e.g. GET /api/tournaments?per_page=100) and then let webhooks keep you in sync. See the Data Synchronization guide for the full pattern.
Webhooks for match.updated only fire at significant transitions — typically when a match starts and when it ends. Point-by-point and score updates while the match is in progress are not delivered as webhooks; subscribe to the WebSocket channel for real-time live data instead.
Secrets are non-recoverable. If yours leaks or you forget it, delete the webhook and create a new one — your URL stays the same, just rotate the PADEL_WEBHOOK_SECRET env var on your server.

Next steps

WebSockets

Real-time point-by-point updates for live matches

Data Synchronization

Bootstrap and keep your local data in sync

API Reference

Full endpoint documentation with parameters and responses