Register a webhook endpoint

Create a webhook endpoint and receive its signing secret. The secret is returned exactly once in this response — store it immediately; it cannot be retrieved later.

Authentication: Supports API key and bearer token authentication.

Authentication

AuthorizationBearer

Bearer authentication of the form Bearer <token>, where token is your auth token.

Headers

X-Organization-IDstring or nullOptional

Request

This endpoint expects an object.
urlstringRequiredformat: "uri"1-2083 characters
HTTPS URL we will POST events to
event_typeslist of stringsRequired

Allowlist of event type names (e.g. [‘elp_test.scored’]). Must contain at least one entry.

descriptionstring or nullOptional<=500 characters
headersmap from strings to strings or nullOptional
Optional static headers we will include on every request to this endpoint.

Response

Successful Response
idstringformat: "^ep_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
organization_idstringformat: "^org_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
urlstring
descriptionstring or null
event_typeslist of strings
headersmap from strings to strings or null
statusenum

Endpoint lifecycle state.

DISABLED is reserved for automatic disable by the auto-disable job; PAUSED is explicitly paused and indicates intent to resume.

disabled_reasonstring or null
created_atdatetime
updated_atdatetime
signing_secretstring

whsec_<base64> — store this; it is not retrievable later.

Errors

401
Unauthorized Error
403
Forbidden Error
422
Unprocessable Entity Error
429
Too Many Requests Error