Pro server webhooks (guild dashboard)

Guild Pro (per-server subscription) can configure an outbound HTTPS webhook in the dashboard under Pro features. This is not the same as Partner API keys: partners receive staff-managed REST API keys for /detect and related endpoints (see API Reference). Pro webhooks are server-owned URLs that AntiScammer POSTs to when certain detections are stored.

When we POST

• Every stored detection whose type is scam, or
• Other detection types when the score is at or above 75 on a 0–100 scale (the usual default for non-scam types), if a webhook URL is configured.

Payloads are compact JSON (e.g. type, guild_id, detection_id, channel_id, message_id, user_id_discord, score, detection_type, action_taken, matched_rules).

HTTPS

Only https:// URLs are accepted for new saves.

Optional signing secret

If you set a signing secret in the dashboard, each request includes:

• X-Antiscammer-Timestamp — Unix seconds as a string
• X-Antiscammer-Signature — lowercase hex HMAC-SHA256 of {timestamp}.{raw JSON body} using your secret

Verify in your webhook handler by recomputing the HMAC and comparing in constant time.

Test button

Use Send sample payload in the dashboard to confirm connectivity and signature verification.

CSV exports

Pro servers can download CSV exports (detection exclusions, reports, detections) from the same Pro features page.