Documentation
Webhooks
Register an endpoint under Webhooks to get a signed POST whenever a matching event fires (register, login, license, check, file, var, blocked). Each delivery includes an X-LumenAuth-Signature header — an HMAC-SHA256 of the raw body using your webhook secret.
Payload
json
{
"type": "register",
"success": true,
"email": "user@x.com",
"ip": "203.0.113.5",
"hwid": "DEVICE-ID",
"message": "Redeemed LUMEN-…",
"timestamp": "2026-07-06T21:00:00.000Z"
}Verify the signature (Node.js)
js
import { createHmac, timingSafeEqual } from "crypto";
function verify(rawBody, signature, secret) {
const expected = createHmac("sha256", secret).update(rawBody).digest("hex");
return timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}