Overview
Webhooks deliver platform notifications to an HTTPS endpoint you control. Use the /webhooks endpoints to register and manage endpoints, /webhooks/event-types to discover the events you can subscribe to, and /webhooks/events to list, inspect, and retry the deliveries those endpoints receive. The signing secret is returned once at creation — use it to verify the signature on every delivery.
- List webhooksGET/webhooks
- Create webhookPOST/webhooks
- Get webhookGET/webhooks/:id
- Update webhookPATCH/webhooks/:id
- Delete webhookDELETE/webhooks/:id
- Rotate signing secretPOST/webhooks/:id/rotate-secret
- List event typesGET/webhooks/event-types
- List delivery eventsGET/webhooks/events
- Get delivery eventGET/webhooks/events/:id
- Retry delivery eventPOST/webhooks/events/:id/retry
List Webhooks
Use Case
Returns a paginated list of webhook endpoints registered for the organization.
Query Parameters
Opaque cursor — pass `next_cursor` from a prior response to fetch the next page.
Opaque cursor for reverse pagination.
Page size; bounded by the endpoint maximum.
Create Webhook
Use Case
Registers a new webhook endpoint for platform notifications. The signing secret is returned once at creation time; subsequent reads do not include it. Pass event_types to filter to a subset, or omit it to receive every event the platform emits.
Request Body
Display name for the endpoint.
HTTPS endpoint that will receive delivery events.
Event types to subscribe to. Omit to receive every event the platform emits. See the List Event Types endpoint for the canonical list.
Pass an optional Idempotency-Key header (1–255 printable ASCII chars) to safely retry creation. The same key with the same body returns the cached response; the same key with a different body returns 409.
Get Webhook
Use Case
Returns a single webhook endpoint by ID.
Get Webhook Response
Unique identifier for the webhook endpoint.
Resource type identifier. Always `webhook`.
Display name given to the endpoint when it was created.
HTTPS endpoint that receives delivery events.
Lifecycle status of the endpoint (e.g. `active`).
Event types this endpoint is subscribed to. See the List Event Types endpoint for the full catalog.
Whether a signing secret is configured. The plaintext secret is never returned on reads — only at creation and on rotation.
RFC 3339 timestamp of the most recent delivery attempt. Omitted entirely until the endpoint is first triggered.
RFC 3339 timestamp of when the endpoint was created.
RFC 3339 timestamp of the most recent change.
Update Webhook
Use Case
Partially updates a webhook endpoint's url, name, or event_types filter. Only the fields you supply are changed.
Request Body
Updated display name.
Updated HTTPS endpoint.
Updated event-type filter. Replaces the existing set.
Update Webhook Response
Returns the full webhook object with your changes applied. updated_at advances to the time of the change; signing_secret is not included.
Unique identifier for the webhook endpoint.
Resource type identifier. Always `webhook`.
Display name after the update.
HTTPS endpoint after the update.
Lifecycle status of the endpoint (e.g. `active`).
Event-type filter after the update.
Whether a signing secret is configured. The plaintext secret is never returned on update.
RFC 3339 timestamp of when the endpoint was created. Unchanged by updates.
RFC 3339 timestamp of this change.
Delete Webhook
Use Case
Soft-deletes a webhook endpoint. Subsequent platform events will not be delivered to its URL.
Response: 204 No Content — empty body.
Rotate Signing Secret
Use Case
Generates a new HMAC signing secret for this webhook. The new secret is returned once — store it before the response closes.
Rotate Signing Secret Response
Resource type identifier. Always `signing_secret`.
The new HMAC signing secret. Returned only on this response — store it before the response closes.
List Event Types
Use Case
Returns the canonical list of all platform event types that can be delivered to webhook endpoints. Use these values in the event_types filter when creating or updating a webhook.
Event Type Object
The event type identifier to use in an `event_types` filter (e.g. `transaction.confirmed`).
Grouping the event belongs to: `wallet`, `security`, or `compliance`.
Human-readable name for the event.
What triggers this event.
List Delivery Events
Use Case
Returns a paginated list of platform notification deliveries across all webhook endpoints, newest first. Filter to a single endpoint with webhook_id, or by delivery status.
Query Parameters
Opaque cursor — pass `next_cursor` from a prior response to fetch the next page.
Opaque cursor for reverse pagination.
Page size; bounded by the endpoint maximum.
Filter by delivery status: `pending`, `delivered`, or `failed`.
Narrow the listing to a single webhook endpoint.
Get Delivery Event
Use Case
Returns a single delivery event by ID. The event must belong to a webhook owned by the caller's organization.
Get Delivery Event Response
The payload is a single WebhookEventResponse — the same object documented under List Delivery Events. Refer there for the per-field explanations.
Retry Delivery Event
Use Case
Re-queues the specified platform notification delivery for another attempt. Useful for re-delivering events that previously failed. Org ownership is enforced via the delivery's parent webhook.
Retry Delivery Event Response
Resource type identifier.
Result of the re-queue request (e.g. `queued`).