Skip to main content
POST
/
webhooks
Create a webhook endpoint
curl --request POST \
  --url https://sandbox.api.reap.global/webhooks/ \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'Reap-Version: <reap-version>' \
  --header 'idempotency-key: <idempotency-key>' \
  --data '
{
  "name": "<string>",
  "url": "<string>"
}
'
{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "name": "<string>",
  "url": "<string>",
  "status": "ACTIVE",
  "lastUsedAt": "2023-11-07T05:31:56Z",
  "createdAt": "2023-11-07T05:31:56Z",
  "updatedAt": "2023-11-07T05:31:56Z",
  "signingSecret": "<string>"
}

Authorizations

Authorization
string
header
required

API key as Bearer token

Headers

Reap-Version
enum<string>
required

API version (YYYY-MM-DD)

Available options:
2025-02-14
Example:

"2025-02-14"

Idempotency-Key
string

Unique key for safely retrying this request. Up to 255 characters; we recommend a UUIDv4. The first request executes and its response is cached; subsequent requests with the same key replay the cached response (24h retention).

Required string length: 1 - 255
idempotency-key
string
required

Unique key for safely retrying this request. Up to 255 characters; we recommend a UUIDv4. The first request executes and its response is cached; subsequent requests with the same key replay the cached response (24h retention).

Required string length: 1 - 255

Body

name
string
required

Human-readable label for this webhook (e.g. prod-events, staging-mirror). Surfaced in logs and the partner dashboard.

Required string length: 1 - 100
url
string<uri>
required

HTTPS endpoint that will receive webhook POST requests. Must be reachable from the public internet (HTTPS only, no private IPs).

Maximum string length: 500

Response

Created webhook, including its one-time signing secret.

id
string<uuid>
required

Unique webhook identifier

name
string
required

Human-readable label

url
string
required

HTTPS endpoint that receives signed POSTs

status
enum<string>
required

Lifecycle status. Disabled webhooks receive no deliveries.

Available options:
ACTIVE,
DISABLED
Example:

"ACTIVE"

lastUsedAt
string<date-time> | null
required

Timestamp of the most recent successful delivery

Pattern: ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
createdAt
string<date-time>
required

ISO 8601 creation timestamp

Pattern: ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
updatedAt
string<date-time>
required

ISO 8601 last update timestamp

Pattern: ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
signingSecret
string
required

HMAC signing secret. Returned exactly once. Store it securely - it cannot be retrieved again. The previous secret (if any) is invalidated immediately.