webhooks

// Create (root = company-wide; forUser(id) = tenant-scoped). secret shown once.
const sub = await naive.webhooks.create(
  "https://app.example.com/api/webhooks/naive",
  ["email.received", "approval.resolved"],
);

await naive.webhooks.list();         // secrets are never returned
await naive.webhooks.eventTypes();   // { event_types: [...] }
await naive.webhooks.test(sub.id);   // deliver a signed test event
await naive.webhooks.remove(sub.id);

// Verify an incoming delivery (X-Naive-Signature = HMAC-SHA256 of the raw body)
import { verifyWebhookSignature } from "@usenaive-sdk/node";
const ok = verifyWebhookSignature(secret, rawBody, signatureHeader);