Delivery you can verify

Real-time, signed and retried events

Every click and scan becomes a signed JSON event at your endpoint within seconds — HMAC signatures your systems can verify, automatic retries with backoff when you're down, and a per-attempt delivery log that proves what happened.

Real-time, signed and retried events in the xengo console
Built like infrastructure, not a nice-to-have

The event is the product

Most link tools treat the scan as a statistic to show you next month. xengo treats it as an event your systems act on now — so the delivery pipeline is engineered like infrastructure: signed payloads, stable event ids, backoff retries, dead-letter queues and an auditable log. If your workflow depends on knowing, it has to be this solid.

  1. 1

    Add an endpoint

    Create a webhook (or Zapier / Make / n8n) channel and store its whsec_ signing secret — shown once, like an API key.

  2. 2

    Verify and act

    Each click or scan lands as a signed JSON event within seconds. Check the signature in a few lines and trigger whatever should happen next.

  3. 3

    Trust the log

    Endpoint down? We retry with backoff and record every attempt in a per-channel delivery log you can read in the console.

Signed, so your systems can trust it

Every delivery to an endpoint you own carries Svix-compatible signature headers — webhook-id, webhook-timestamp and an HMAC-SHA256 webhook-signature keyed on a secret only you hold. Verify with any Svix library or five lines of stdlib code; reject anything that doesn't check out.

  • Svix-compatible headers on every delivery
  • whsec_ secret minted per channel, shown once
  • Timestamp header for replay-window checks

Retried, so an outage isn't an outage

A failed delivery is never dropped silently. We re-attempt with increasing backoff — 30 seconds, 2, 10, 15 and 15 minutes — six attempts in all. The event id stays identical on every attempt, so your de-duplication is trivial, and poison messages park on a dead-letter queue instead of vanishing.

  • Six attempts across ~45 minutes of backoff
  • Same webhook-id every attempt — de-dupe key
  • Dead-letter queues, not silent loss

Logged, so you can prove what happened

Each channel keeps a per-attempt delivery log: when it fired, for which link, which attempt, and the HTTP result. When someone asks "did the alert go out?", you answer with a record, not a shrug.

  • Every attempt recorded with its HTTP status
  • Read it in the console, per channel
  • Retention scales with your plan
On the wire

What a signed delivery looks like

Real headers, real payload, real verification — nothing you can't check yourself:

your-endpoint.example.com
Headers
POST /hooks/xengo HTTP/1.1
content-type: application/json
webhook-id: evt_9f2c41d8a6b34e07
webhook-timestamp: 1752321600
webhook-signature: v1,K5oZfzN95Z9nWl27qEXs2go1...
Payload
{
  "event": "click",
  "source": "qr",
  "code": "spring24",
  "shortUrl": "go.acme.com/spring24",
  "destination": "https://acme.com/offer",
  "tags": { "campaign": "spring", "site": "leeds" },
  "at": "2026-07-12T11:20:00+00:00",
  "referer": null,
  "ua": "Mozilla/5.0 (iPhone..."
}
Five lines of stdlib — or any Svix library
import base64, hashlib, hmac

def verify(secret, headers, raw_body: bytes) -> bool:
    key = base64.b64decode(secret.split("_", 1)[1])
    signed = (f"{headers['webhook-id']}."
              f"{headers['webhook-timestamp']}.").encode() + raw_body
    want = base64.b64encode(
        hmac.new(key, signed, hashlib.sha256).digest()).decode()
    return any(hmac.compare_digest(f"v1,{want}", c)
               for c in headers["webhook-signature"].split())
An endpoint outage, as your delivery log sees it
attempt 1   immediate      → 503  logged
attempt 2   +30 seconds    → 503  logged
attempt 3   +2 minutes     → 503  logged
attempt 4   +10 minutes    → 200  logged ✓ delivered

same webhook-id on every attempt — de-dupe and
you will never double-count a click.

Everything you'd expect — and the parts you wouldn't

Within seconds

Events flow through a decoupled queue off the redirect hot path — typically with you in seconds, never blocking the visitor.

At-least-once

Honest semantics: rare duplicates are possible after timeouts — de-dupe on webhook-id and you're exact.

Structured JSON

Event, source (link/QR/NFC), code, destination, tags, timestamp, referrer and device — ready to route on.

24 channels

The same event can also ping Slack, Teams, PagerDuty, Telegram and twenty more — no code required.

Automation-native

Zapier, Make, n8n, Pipedream and Power Automate catch hooks are signed too — real-time, not polling.

Screened upstream

Events come from destinations that passed link-safety screening — your automations act on trusted clicks.

Frequently asked questions

Which deliveries are signed?

Every channel that posts to an endpoint you own: the generic webhook plus Zapier, Make, n8n, Pipedream, Power Automate and Home Assistant. Chat apps like Slack and Teams use their own incoming-webhook URLs and ignore extra headers, so they aren't signed.

What happens if my endpoint is down?

We retry with increasing backoff — 30s, 2m, 10m, 15m, 15m — six attempts in total, then record the terminal failure in the delivery log. The webhook-id is identical on every attempt so retries never double-count on your side.

How fast is delivery?

Typically seconds. Events leave the redirect path immediately via a queue, so a slow receiver never slows a visitor. We publish honest latency semantics rather than claiming sub-second magic.

How do I verify a signature?

Recompute HMAC-SHA256 over "id.timestamp.body" with the base64 part of your whsec_ secret and compare to the v1 value in webhook-signature — or pass the three headers to any Svix verification library.

Which plans include this?

Email alerts are on every plan. Webhook and automation channels — with signing, retries and the delivery log — are included from the Pro plan.

One platform. Everything a link should do.

Smart URLs, dynamic QR codes and a full API — branded on your own domain, safety-screened, and tracked. Build, re-point and measure it all in one place.

Start free trial
1,284 clicks
go.acme.com/spring
1 London 412
2 Manchester 168
3 Bristol 94

Smart URLs

Branded short links on a domain you control — editable, screened, and tracked.

Popular Smart URLs features

  • Your own custom domain, auto-HTTPS
  • Re-point live links without reprinting
  • Every destination safety-screened
  • Honest, bot-filtered analytics

Dynamic QR

Branded QR codes you can re-point any time — never reprint the poster again.

Popular Dynamic QR features

  • Editable destination behind every code
  • Your brand colours + logo
  • Real-time scan alerts
  • Per-code scan analytics
$ curl -X POST api.xengo.io/v1/links
{
  "domain": "go.acme.com",
  "url": "https://acme.com/…"
}
→ 201 go.acme.com/aB3xK

API

Create and manage links + QR at scale, straight from your own tools.

Popular API features

  • REST API with scoped keys
  • Bulk-create thousands of links
  • Programmatic QR generation
  • Webhooks + click / scan alerts

Wire your first event in minutes

Create a channel, keep the secret, verify the signature — and let every click and scan drive the systems you already run.