events:read.
List and filter
events.list returns an endpoint’s events newest-first, through an opaque keyset cursor. All filters are optional and combine with AND:
- provider — repeatable; matches any of the given providers.
- verification state —
verified,authenticated,failed, orunattempted; repeatable. - after / before — an RFC 3339 received-at range (after is inclusive, before is exclusive).
- search — a case-insensitive substring across the event’s id fields (provider event id, external id, dedup key) and its request header names and values; an exact match when the term is an event id.
limit caps a page at 200. On the CLI, --all follows the cursor to the end for you.
--provider and --status are repeatable (or comma-separated) for multi-select, and --before bounds the top of the range. Add --output json for a machine-readable stream.
Read one event
events.get returns a single event in full — request headers, its verification result, timing, and a pointer to the raw body.
Get the raw body
events.getPayload returns the exact captured bytes. On the wire the body rides a JSON envelope — contentType, bytes (the decoded length), and the base64-wrapped body — so binary payloads and exact-byte signature fidelity survive intact.
The CLI writes the raw bytes verbatim, so redirecting to a file is byte-exact:
TypeScript
Payload retrieval is available on the CLI, API, and SDKs. It isn’t exposed over MCP — an agent
reads event metadata with
events.get instead.Tail live
events.tail is a forward, cursor-based tail with a since grammar (now, beginning, a duration, or an RFC 3339 instant) and cursor bookkeeping — headCursor for the current head, caughtUp once a page reaches it, and lag for how far behind you are. It’s the pull form the API and SDKs expose.
For a live stream in your terminal, the CLI wraps it as wbhk listen <endpoint-id>, which prints each event as it arrives. Add --forward to re-deliver them to your local server instead — see replay to localhost.