Custom Domain
API referenceWebhooks

Register a webhook endpoint (secret returned once)

POST
/webhooks

Registers an HTTPS receiver under the calling application. The secret (whsec_…) is returned ONCE — store it to verify signatures. An empty events array subscribes to all events; "*" also matches all.

Authorization

widgetJWT
AuthorizationBearer <token>

Short-lived widget JWT minted server-side via POST /v1/tokens. Scoped to one application (and optionally one domain).

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

application/json

application/json

application/json

curl -X POST "https://example.com/webhooks" \  -H "Content-Type: application/json" \  -d '{    "url": "http://example.com"  }'
{  "id": "string",  "application_id": "string",  "url": "http://example.com",  "events": [    "string"  ],  "secret": "string",  "created_at": "2019-08-24T14:15:22Z"}
{  "code": "string",  "title": "string",  "details": "string"}
{  "code": "string",  "title": "string",  "details": "string"}
{  "code": "string",  "title": "string",  "details": "string"}