Skip to main content
WEBHOOK
tax_form.created
{
  "id": "78ce3584-0761-40ab-bcb1-ef7c5bffe095",
  "event": "tax_form.created",
  "created_at": "2026-03-10T23:45:07.878Z",
  "subscription_id": "48582de1-c2fb-4fd3-bdf3-39a7138d1164",
  "data": {
    "id": "ffc96bee-3ce9-4bfc-a436-c08cc2a3d33e",
    "recipient": {
      "id": "db783652-823b-46f8-88e2-93ae37442232",
      "firstName": "John",
      "lastName": "Doe",
      "nickname": null
    },
    "createdAt": "2026-03-10T23:45:07.868Z",
    "url": "https://url.com/pdf"
  }
}

Authorizations

Authorization
string
header
required

Pass your API key as a bearer token: Authorization: Bearer <API_KEY>.

Headers

X-Karat-Signature
string
required

HMAC-SHA256 signature of the delivery, in the format v1=<base64>.

X-Karat-Webhook-Timestamp
string
required

Unix epoch seconds when the event was sent. Used in the signed payload and for replay protection.

X-Karat-Subscription-Id
string<uuid>
required

The subscription this delivery belongs to. Use it to look up the signing secret.

X-Karat-Webhook-Id
string<uuid>
required

Unique delivery ID, for deduplication.

Body

application/json

Envelope delivered to your callback URL when an event fires.

id
string<uuid>

Unique ID for this delivery.

event
string
Example:

"payout.updated"

created_at
string<date-time>
subscription_id
string<uuid>
data
object

Event-specific payload.

Response

200

Return a 2xx status to acknowledge receipt.