Webhooks

Prepared's Partner API sends real-time notifications to your application when events occur. Webhooks are HTTP POST requests sent to a URL you configure during integration setup.

How Webhooks Work

An event occurs in Prepared (e.g., incident created, location updated)
Prepared sends an HTTP POST request to your webhook URL
Your server processes the event and returns a 200 status code
If delivery fails, Prepared retries with exponential backoff

Webhook Types by Scope

CAD Webhooks (`cad_incidents` scope)

For CAD provider integrations receiving data back from Prepared:

Event	Description
`note_created`	AI summary, media link, or incident link added
`location_updated`	Caller location updated

View CAD Webhooks Schema →

Incident Events Webhooks (`incident_events` scope)

For first responder applications receiving incident updates:

Event	Description
`incident_metadata`	Incident created or updated
`caller_location`	Caller location updated
`media`	Photo, video, or recording attached

View Incident Events Webhooks Schema →

Setting Up Webhooks

Provide your webhook URL to your Prepared integration contact
Configure authentication — Tell Prepared which method you will use (see Webhook Security below).
Implement webhook handlers for the events relevant to your integration
Return 200 status to acknowledge receipt

Webhook Security

Per partner, authentication is one of:

Auth header / long-lived token — You provide a Bearer token to Prepared; Prepared includes it in the Authorization header when calling your webhook. Your endpoint validates that the token matches what you issued.
OAuth client ID + secret — Prepared uses your client_id and client_secret to authenticate when calling your webhook (e.g. obtaining a token per request or using a cached token).

Your webhook endpoint should validate requests using whichever method you and Prepared agreed on.

Best Practices

Respond quickly — Return 200 as soon as possible, then process asynchronously
Handle duplicates — Use event IDs to deduplicate if your handler isn't idempotent
Log everything — Keep records of webhook payloads for debugging
Monitor failures — Set up alerts for webhook processing errors

Example Handler

app.post('/webhooks/prepared', async (req, res) => {
  // Validate authentication
  const token = req.headers.authorization?.replace('Bearer ', '');
  if (!validateToken(token)) {
    return res.status(401).send('Unauthorized');
  }

  // Acknowledge receipt immediately
  res.status(200).send('OK');

  // Process asynchronously
  const event = req.body;
  await processWebhookEvent(event);
});

Next Steps

CAD Webhooks Schema — Full schema details for CAD provider webhooks
Incident Events Webhooks Schema — Full schema details for responder app webhooks
Review Integration Checklist

How Webhooks Work​

Webhook Types by Scope​

CAD Webhooks (cad_incidents scope)​

Incident Events Webhooks (incident_events scope)​

Setting Up Webhooks​

Webhook Security​

Best Practices​

Example Handler​

Next Steps​