Skip to content
Polaris Express Docs

Webhook endpoints

Inbound webhook receivers. Polaris Express exposes endpoints under /api/webhook/ for third-party services (notably Lago) to push events back into the platform — subscription changes, invoice state transitions, and similar.

These endpoints are unauthenticated in the BetterAuth sense; they are authenticated by the sending service via a shared secret or signature header. They are not intended to be called by end users or admins.

Base URL

Section titled “Base URL”

Webhook endpoints are served from the admin host:

https://admin.polaris.express

Sending services should be configured with the fully-qualified webhook URL, not a relative path.

Authentication

Section titled “Authentication”

Each provider authenticates differently. See the per-endpoint section below for the exact header and verification scheme.

Polaris Express does not accept session cookies or BetterAuth bearer tokens on webhook routes — only the provider’s own signature scheme.

Endpoints

Section titled “Endpoints”

Examples

Section titled “Examples”