> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webhook.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Pull a watermark-bounded forward page of events (cursor-pull tail)



## OpenAPI

````yaml https://api.webhook.co/openapi.json get /v1/endpoints/{endpointId}/events/tail
openapi: 3.1.0
info:
  title: webhook.co API
  version: 1.0.0
  description: >-
    The webhook.co REST API: create ingest endpoints, inspect captured events,
    manage delivery destinations and subscriptions, and replay events. All
    requests are authenticated with a bearer `whk_` API key. Responses are JSON;
    every successful response is HTTP 200. Errors use a JSON `{error, message}`
    envelope, except 401/403 which are empty-bodied with a WWW-Authenticate
    header.
  license:
    name: Apache-2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
servers:
  - url: https://api.webhook.co
    description: Production
security:
  - bearerAuth: []
tags:
  - name: Endpoints
    description: Create, inspect, and manage ingest endpoints and their secrets.
  - name: Events
    description: Browse, fetch, tail, and replay captured events.
  - name: Deliveries
    description: Observe outbound delivery attempts.
  - name: Replay Destinations
    description: Manage the allowlist of remote delivery destinations.
  - name: Subscriptions
    description: Configure auto-delivery routing rules.
  - name: Audit
    description: Verify the tamper-evident audit chain.
  - name: Identity
    description: Inspect the authenticated principal.
paths:
  /v1/endpoints/{endpointId}/events/tail:
    get:
      tags:
        - Events
      summary: Pull a watermark-bounded forward page of events (cursor-pull tail)
      operationId: eventsTail
      parameters:
        - name: endpointId
          in: path
          required: true
          schema:
            type: string
            format: uuid
            pattern: >-
              ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
        - name: sinceCursor
          in: query
          required: false
          description: Opaque cursor to resume from (mutually exclusive with since).
          schema:
            type: string
        - name: since
          in: query
          required: false
          description: 'Server-resolved grammar: now | beginning | <duration> | <RFC3339>.'
          schema:
            type: string
      responses:
        '200':
          description: Success.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EventsTailResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '429':
          $ref: '#/components/responses/TooManyRequests'
        '500':
          $ref: '#/components/responses/InternalError'
      security:
        - bearerAuth: []
components:
  schemas:
    EventsTailResponse:
      type: object
      properties:
        items:
          type: array
          items:
            $ref: '#/components/schemas/EventSummary'
        nextCursor:
          anyOf:
            - type: string
            - type: 'null'
        headCursor:
          anyOf:
            - type: string
            - type: 'null'
        caughtUp:
          type: boolean
        lag:
          type: object
          properties:
            backlogCount:
              type: integer
              minimum: 0
              maximum: 9007199254740991
            headLagMs:
              type: integer
              minimum: 0
              maximum: 9007199254740991
          required:
            - backlogCount
          additionalProperties: false
      required:
        - items
        - nextCursor
      additionalProperties: false
    EventSummary:
      type: object
      properties:
        id:
          type: string
          format: uuid
          pattern: >-
            ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
        orgId:
          type: string
          format: uuid
          pattern: >-
            ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
        endpointId:
          type: string
          format: uuid
          pattern: >-
            ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
        receivedAt:
          type: string
          format: date-time
        provider:
          anyOf:
            - $ref: '#/components/schemas/Provider'
            - type: 'null'
        dedupKey:
          type: string
        dedupStrategy:
          type: string
          enum:
            - sw_webhook_id
            - provider_event_id
            - content_hash
        verified:
          type: boolean
        verificationState:
          $ref: '#/components/schemas/VerificationState'
      required:
        - id
        - orgId
        - endpointId
        - receivedAt
        - provider
        - dedupKey
        - dedupStrategy
        - verified
      additionalProperties: false
    Error:
      type: object
      description: The JSON error envelope for capability faults.
      properties:
        error:
          type: string
          description: A stable capability-error code.
        message:
          type: string
          description: A human-readable description.
      required:
        - error
        - message
    Provider:
      type: string
      enum:
        - stripe
        - github
        - shopify
        - slack
        - standard_webhooks
        - clerk
        - resend
        - stytch
        - supabase
        - render
        - brex
        - openai
        - replicate
        - polar
        - gemini
        - incident_io
        - etsy
        - vanta
        - pusher
        - quickbooks
        - chargify
        - launchdarkly
        - modern_treasury
        - autodesk_aps
        - mongodb_atlas
        - xero
        - segment
        - aftership
        - onfleet
        - webflow
        - klaviyo
        - mux
        - shippo
        - buildkite
        - ms_teams
        - ably
        - squarespace
        - nylas
        - linkedin
        - tiktok
        - airship
        - lob
        - persona
        - bolt
        - primer
        - airwallex
        - affirm
        - keygen
        - constant_contact
        - telegram
        - mixpanel
        - new_relic
        - fillout
        - zapier
        - tally
        - loops
        - customer_io
        - framer
        - box
        - configcat
        - ashby
        - merge_dev
        - cronofy
        - increase
        - finch
        - knock
        - deel
        - razorpay
        - sentry
        - linear
        - dropbox
        - checkout_com
        - lemon_squeezy
        - coinbase_commerce
        - dwolla
        - gocardless
        - notion
        - meta
        - woocommerce
        - bitbucket
        - atlassian_jira
        - x
        - clickup
        - npm
        - heroku
        - dub
        - cal_com
        - asana
        - circleci
        - pagerduty
        - airtable
        - calendly
        - zoom
        - customerio
        - sinch
        - workos
        - front
        - zendesk
        - twitch
        - paddle
        - recurly
        - docusign
        - vercel
        - intercom
        - paystack
        - authorize_net
        - sanity
        - square
        - trello
        - twilio
        - mandrill
        - hubspot
        - adyen
        - mailgun
        - mercado_pago
        - braintree
        - contentful
        - plivo
        - typeform
        - messagebird
        - netlify
        - vonage
        - monday
        - jira_connect
        - discord
        - telnyx
        - sendgrid
        - wise
        - kinde
        - paypal
        - aws_sns
        - plaid
        - ebay
        - gitlab
        - microsoft_graph
        - chargebee
        - postmark
        - sparkpost
        - okta
        - bigcommerce
        - datadog
        - brevo
    VerificationState:
      type: string
      enum:
        - verified
        - authenticated
        - failed
        - unattempted
  responses:
    BadRequest:
      description: The request failed validation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: >-
        Missing or invalid bearer credential. Empty body; the WWW-Authenticate
        header carries the challenge.
      headers:
        WWW-Authenticate:
          description: RFC 6750 Bearer challenge.
          schema:
            type: string
    Forbidden:
      description: >-
        The credential is valid but lacks the required scope. Empty body;
        WWW-Authenticate carries the challenge.
      headers:
        WWW-Authenticate:
          description: RFC 6750 Bearer challenge.
          schema:
            type: string
    NotFound:
      description: The referenced resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    TooManyRequests:
      description: A rate limit or soft cap was exceeded.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    InternalError:
      description: An unexpected server error. The body is a plain-text sentinel.
      content:
        text/plain:
          schema:
            type: string
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: opaque
      description: A `whk_`-prefixed API key (opaque; not a JWT).

````