Create webhook endpoint | Verifa

Creates a new webhook endpoint for the authenticated organization. The signing secret is returned only in this response — store it securely.

Authentication

X-API-Keystring

Organization API key. Keys are prefixed with vk_live_ (production) or vk_sandbox_ (sandbox).

Request

This endpoint expects an object.

urlstringRequiredformat: "uri"

The HTTPS URL to receive webhook events.

labelstringOptional

Human-readable label for this endpoint.

descriptionstringOptional

enabled_eventslist of stringsOptional

Event types to subscribe to. Omit or pass ["*"] to receive all events. Available types include session.approved, session.declined, session.resubmission-required, identity.created, identity.updated, identity.archived, identity.restored, identity.tag-added, identity.tag-removed.

Event types to subscribe to. Omit or pass `["*"]` to receive all events. Available types include `session.approved`, `session.declined`, `session.resubmission-required`, `identity.created`, `identity.updated`, `identity.archived`, `identity.restored`, `identity.tag-added`, `identity.tag-removed`.

attribute_blocklistlist of stringsOptional

Attribute paths to exclude from webhook payloads.

event_filter_conditionsmap from strings to anyOptional

Conditional filters applied before dispatching events to this endpoint.

api_versionstring or nullOptional

key_inflectionenumOptional

Allowed values:

Response

Webhook endpoint created. The secret field is only returned here.

created_atdatetime

enabledboolean

enabled_eventslist of strings

Event types this endpoint is subscribed to. Empty means all events.

environmentenum

Allowed values:

idstring

secretstring

HMAC signing secret for verifying webhook payloads. Only returned at creation and secret rotation — store it securely.

updated_atdatetime

urlstringformat: "uri"

api_versionstring or null

attribute_blocklistlist of strings

Attribute paths to exclude from webhook payloads.

descriptionstring or null

event_filter_conditionsmap from strings to any

Conditional filters applied before dispatching events to this endpoint.

key_inflectionenum

Allowed values:

labelstring or null

Errors

401

Unauthorized Error

422

Unprocessable Entity Error

1	curl -X POST https://devapi.withverifa.com/api/v1/webhooks/endpoints \
2	-H "X-API-Key: <apiKey>" \
3	-H "Content-Type: application/json" \
4	-d '{
5	"url": "string"
6	}'

1	{
2	"created_at": "2024-01-15T09:30:00Z",
3	"enabled": true,
4	"enabled_events": [
5	"string"
6	],
7	"environment": "live",
8	"id": "wh_abc123",
9	"secret": "string",
10	"updated_at": "2024-01-15T09:30:00Z",
11	"url": "string",
12	"api_version": "string",
13	"attribute_blocklist": [
14	"string"
15	],
16	"description": "string",
17	"event_filter_conditions": {},
18	"key_inflection": "camel",
19	"label": "string"
20	}

Authentication

Headers

Request

Response

Errors