# Webhooks

Webhooks allow Strategic Mobile to send event notifications to your application when message activity changes.

Common webhook events include inbound messages and delivery status updates.

## How webhooks work

When an event occurs, Strategic Mobile sends an HTTP `POST` request to the callback URL configured for your integration.

Webhook requests are sent with a JSON request body.

```http
Content-Type: application/json
```

Your endpoint should return any `2xx` response after it accepts the webhook event.

## Callback URLs

A callback URL is an HTTPS endpoint hosted by your application.

Your endpoint should be able to:

- Accept HTTP POST requests
- Parse JSON request bodies
- Return a 2xx response after accepting the event
- Handle duplicate or delayed events safely


## Authentication for webhook receivers

Webhook receiver authentication is controlled by your application.

Strategic Mobile does not require your callback URL to use a specific authentication method. You may protect your endpoint using your own controls, such as a secret path, allowlist, token, or other application-level checks.

Do not use your Strategic Mobile API Bearer token as a webhook receiver credential.

## Reliability and retries

Your application should treat webhook processing as idempotent.

A webhook event may be delayed, retried, or delivered more than once depending on network conditions and downstream processing. Store events using stable identifiers such as `msgId` where applicable.

## Related webhook pages

- [Receive inbound SMS](/docs/api/channels/sms/inbound-sms/receive-message)
- [Delivery receipts webhook](/docs/api/channels/sms/status-reports/delivery-receipts-webhook)