Create webhook endpoint
Registers a webhook endpoint for the project. The response includes a one-time signingSecret that the partner must store to verify incoming webhook signatures.
mode defaults to NOTIFICATION (async event delivery), of which a maximum of 5 ACTIVE per project is enforced - disable an existing one to make room. Pass REQUEST to register the project’s single synchronous authorization endpoint (exactly one per project, rotate-only).
Authorizations
API key as Bearer token
Headers
API version (YYYY-MM-DD)
2025-02-14 "2025-02-14"
Unique key for safely retrying this request. Up to 255 characters; we recommend a UUIDv4. The first request executes and its response is cached; subsequent requests with the same key replay the cached response (24h retention).
1 - 255Body
Human-readable label for this webhook (e.g. prod-events, staging-mirror). Surfaced in logs and the partner dashboard.
1 - 100HTTPS endpoint that will receive webhook POST requests. Must be reachable from the public internet (HTTPS only, no private IPs).
500Interaction pattern of the endpoint. Defaults to NOTIFICATION.
NOTIFICATION, REQUEST "NOTIFICATION"
Response
Created webhook, including its one-time signing secret.
Unique webhook identifier
Human-readable label
HTTPS endpoint that receives signed POSTs
Lifecycle status. Disabled webhooks receive no deliveries.
ACTIVE, DISABLED "ACTIVE"
Interaction pattern of the endpoint.
NOTIFICATION, REQUEST "NOTIFICATION"
Timestamp of the most recent successful delivery
^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$ISO 8601 creation timestamp
^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$ISO 8601 last update timestamp
^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$HMAC signing secret. Returned exactly once. Store it securely - it cannot be retrieved again. The previous secret (if any) is invalidated immediately.