Get Webhooks
Retrieve all configured webhooks.
Authorization
apiKey clientId In: header
In: header
Query Parameters
Page number for pagination.
Number of items per page.
Response Body
application/json
application/json
application/json
application/json
application/json
application/json
application/json
application/json
curl -X GET "https://example.com/v2/webhooks"{
"count": 0,
"total": 0,
"webhooks": [
{
"eventType": "credentialVerified",
"url": "https://my.site/externalEvents",
"signature": {
"key": "a3f8c92e5d1b4f7a9e6c2d8b3f5a1c4e"
},
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"status": "active",
"addedAt": "2026-05-28T10:15:30.000Z",
"updatedAt": "2026-05-28T11:42:00.000Z"
}
],
"nextPage": "/v2/webhooks?page=3&perPage=10",
"prevPage": "/v2/webhooks?page=1&perPage=10"
}{
"status": 400,
"code": "missing_fields",
"detail": "string",
"errors": [
{
"detail": "string",
"pointer": "string",
"parameter": "string",
"header": "string",
"code": "string"
}
]
}{
"status": 400,
"code": "missing_fields",
"detail": "string",
"errors": [
{
"detail": "string",
"pointer": "string",
"parameter": "string",
"header": "string",
"code": "string"
}
]
}{
"status": 400,
"code": "missing_fields",
"detail": "string",
"errors": [
{
"detail": "string",
"pointer": "string",
"parameter": "string",
"header": "string",
"code": "string"
}
]
}{
"status": 400,
"code": "missing_fields",
"detail": "string",
"errors": [
{
"detail": "string",
"pointer": "string",
"parameter": "string",
"header": "string",
"code": "string"
}
]
}{
"status": 429,
"detail": "string",
"code": "f5d62b05-370e-48be-a755-8675ca146431"
}{
"status": 400,
"code": "missing_fields",
"detail": "string",
"errors": [
{
"detail": "string",
"pointer": "string",
"parameter": "string",
"header": "string",
"code": "string"
}
]
}{
"status": 500,
"detail": "string",
"code": "unexpected_error"
}Delete Webhook DELETE
Soft-delete a webhook. The record is retained for 48h with `status=deleted` before being pruned by DynamoDB TTL.
Update Webhook PATCH
Partial update of a webhook, identified by `webhookId`, following JSON Merge Patch (RFC 7396) semantics. Fields omitted from the request body keep their stored value. `null` on `signature` or `authentication` explicitly clears the stored value (the attribute is dropped from the record). `eventType` and `url` may not be `null` — they're required to have a value once the webhook exists. Reactivation is triggered when **any** of the following holds: - the request changes `url`, - the request changes `authentication` (including clearing it via `null`), or - the stored record's status is `failed` (in which case PATCH re-runs the activation handshake even when nothing about the configuration changes — this is the recovery path from a POST that returned `created_failed`, or from a previous PATCH whose handshake failed). When reactivation is triggered, the activation POST is re-run against the target URL. On a 2xx response the webhook moves back to `pending` and the response carries `code: updated_not_verified`; on a non-2xx response the request returns `400` and the stored record is left untouched (the prior `active` / `pending` / `failed` state is preserved). When no reactivation is required, the response carries `code: updated` and the stored status is unchanged.