Create a new webhook
Webhooks
Create Webhook
Creates a webhook endpoint for receiving events. Only OWNERS and ADMINS can create webhooks.
POST
Create a new webhook
Creates a webhook endpoint for receiving events. Only OWNERS and ADMINS can create webhooks.
⚠️ Important: Save the
Authentication
This endpoint requires authentication via Bearer token:- Authorization:
Bearer <token>
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
organizationId | string (UUID) | Yes | Organization ID |
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
url | string | Yes | Webhook endpoint URL (must be valid HTTPS URL) |
events | array | Yes | Array of event types to subscribe to |
Available Events
Subscribe to any of these events:- Organization:
organization.created,organization.updated,organization.deleted - Members:
member.added,member.removed,member.role_updated - Invites:
invite.created,invite.accepted,invite.cancelled - OAuth:
oauth_app.created,oauth_app.revoked - Webhooks:
webhook.created
Permissions
Only OWNERS and ADMINS can create webhooks.Example Request
Example Response
secret value - it’s only returned once and used for signature verification.
Webhook Payload
Your endpoint will receive POST requests with this format:Signature Verification
All webhook requests include an HMAC SHA-256 signature in theX-Webhook-Signature header for verification.
Retry Logic
Failed webhook deliveries are retried up to 3 times with exponential backoff (1s, 5s, 30s).Common Errors
400 Bad Request
Invalid input data.401 Unauthorized
Authentication required.403 Forbidden
Only owners and admins can create webhooks.Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Path Parameters
Body
application/json
Webhook endpoint URL
Example:
"https://example.com/webhooks"
Events to subscribe to
Available options:
organization.created, organization.updated, organization.deleted, member.added, member.removed, member.role_updated, invite.created, invite.accepted, invite.cancelled, oauth_app.created, oauth_app.revoked, webhook.created Example:
[
"organization.created",
"organization.updated"
]Response
Webhook created successfully. Returns webhook configuration with signing secret.