For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
  • Getting Started
    • Introduction
    • How Verifa Works
    • Quickstart
    • Choosing an Integration Method
  • Use Cases
    • KYC Onboarding
    • Age Verification
    • AML Compliance
    • Fraud Prevention
    • Marketplace Trust & Safety
  • Core Concepts
    • Overview
    • Sessions
    • Verifications & Checks
    • Workflows
    • Identities
    • Cases
    • Screening & Reports
    • Lists
  • Integration Guides
    • Overview
    • JavaScript SDK
    • Web Capture Flow
    • API-Only Integration
    • Mobile SDK
    • Webhooks Guide
    • MCP Server
    • Migrating from Persona
  • API Details
    • Overview
    • Authentication
    • Pagination
    • Rate Limiting
    • Versioning
    • Errors
    • Webhooks
    • Idempotency
    • Key Inflection
    • Data Access
    • Data Retention
  • Tutorials
    • Creating Your First Verification Session
    • Creating a Workflow
    • Receiving Webhooks & Validating Signatures
    • Handling Webhook Events
    • Custom Document Types & AI Extraction
  • Best Practices
    • Testing
    • Preventing Duplicates
    • Fraud Signals
    • Changelog
  • API Reference
      • POSTTest webhook delivery
      • GETList webhook endpoints
      • POSTCreate webhook endpoint
      • GETList available webhook event types
      • GETRetrieve webhook endpoint
      • DELDelete webhook endpoint
      • PATCHUpdate webhook endpoint
      • POSTRotate webhook signing secret
      • POSTClone webhook endpoint
      • GETList webhook deliveries
      • POSTRetry a failed webhook delivery
API ReferenceWebhooks

Clone webhook endpoint

POST
https://devapi.withverifa.com/api/v1/webhooks/endpoints/:endpoint_id/clone
POST
/api/v1/webhooks/endpoints/:endpoint_id/clone
$curl -X POST https://devapi.withverifa.com/api/v1/webhooks/endpoints/wh_abc123/clone \
>     -H "X-API-Key: <apiKey>" \
>     -H "Content-Type: application/json" \
>     -d '{}'
1{
2  "created_at": "2024-01-15T09:30:00Z",
3  "enabled": true,
4  "enabled_events": [
5    "verification.completed",
6    "verification.failed",
7    "session.expired"
8  ],
9  "environment": "live",
10  "id": "wh_def456",
11  "secret": "whsec_9f7a3b2c1d4e5f67890abcde1234567890abcdef1234567890abcdef12345678",
12  "updated_at": "2024-01-15T09:30:00Z",
13  "url": "https://example.com/webhooks/verifa",
14  "api_version": "2026-02-01",
15  "attribute_blocklist": [
16    "user.ssn",
17    "user.credit_card.number"
18  ],
19  "cloned_from": "wh_abc123",
20  "description": "Receives notifications for customer verification events",
21  "event_filter_conditions": {
22    "verification_status": "completed",
23    "region": "US"
24  },
25  "key_inflection": "camel",
26  "label": "Customer Verification Webhook"
27}

Creates a new webhook endpoint by copying the settings (URL, events, API version, key inflection, filter conditions) from an existing endpoint. The new endpoint gets a fresh signing secret.

Was this page helpful?
Previous

List webhook deliveries

Next
Built with

Authentication

X-API-Keystring

Organization API key. Keys are prefixed with vk_live_ (production) or vk_sandbox_ (sandbox).

Path parameters

endpoint_idstringRequired
The ID of the webhook endpoint to clone.

Headers

Verifa-VersiondateOptional

API version date string (e.g. 2026-02-01). If omitted, the version pinned to your API key is used.

Response

Cloned webhook endpoint with the new secret.
created_atdatetime
enabledboolean
enabled_eventslist of strings
Event types this endpoint is subscribed to. Empty means all events.
environmentenum
Allowed values:
idstring
secretstring

Per-endpoint HMAC-SHA256 signing secret. Used to verify the X-Verifa-Signature header on outbound webhook deliveries (HMAC over f"{t}.{raw_body}"). Always begins with whsec_. Only returned at endpoint creation and secret rotation — Verifa does not store the plaintext secret after this response, so capture and store it securely.

updated_atdatetime
urlstringformat: "uri"
api_versionstring or null
attribute_blocklistlist of strings
Attribute paths to exclude from webhook payloads.
cloned_fromstring
The ID of the source endpoint that was cloned.
descriptionstring or null
event_filter_conditionsmap from strings to any
Conditional filters applied before dispatching events to this endpoint.
key_inflectionenum
Allowed values:
labelstring or null

Errors

401
Unauthorized Error
404
Not Found Error