Managing Endpoints

Create, update, and list webhook endpoints programmatically.

Create an endpoint

POST/v1/webhooks/endpoints

Field	Type	Description
`url`required	string (https)	HTTPS URL that will receive POST events.
`events`required	string[]	List of event types to subscribe to. Use ["*"] for all events.
`description`	string	Friendly label shown in the dashboard.
`enabled`	boolean default: true	Whether this endpoint should start receiving events immediately.

curl -X POST https://api.vaultspay.ae/v1/webhooks/endpoints \
  -H "Authorization: Bearer sk_test_yourApiKeyHere" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://yourapp.com/webhooks/vaultspay",
    "events": ["user.kyc.status_changed", "card.transaction.posted"],
    "description": "Prod webhook receiver"
  }'

201 Created

{
  "id": "whk_01HX7...",
  "object": "webhook_endpoint",
  "url": "https://yourapp.com/webhooks/vaultspay",
  "events": ["user.kyc.status_changed", "card.transaction.posted"],
  "signing_secret": "whsec_ae72abCDefG123hiJK...",
  "enabled": true,
  "created_at": "2026-04-24T14:52:03Z"
}

⚠️ Copy the signing_secret right away — it is only shown once.

Update an endpoint

PATCH/v1/webhooks/endpoints/{id}

curl -X PATCH https://api.vaultspay.ae/v1/webhooks/endpoints/whk_01HX7... \
  -H "Authorization: Bearer sk_test_yourApiKeyHere" \
  -H "Content-Type: application/json" \
  -d '{ "events": ["*"], "enabled": true }'

Rotate the signing secret

POST/v1/webhooks/endpoints/{id}/rotate

curl -X POST https://api.vaultspay.ae/v1/webhooks/endpoints/whk_01HX7.../rotate \
  -H "Authorization: Bearer sk_test_yourApiKeyHere"

Delete an endpoint

DELETE/v1/webhooks/endpoints/{id}

curl -X DELETE https://api.vaultspay.ae/v1/webhooks/endpoints/whk_01HX7... \
  -H "Authorization: Bearer sk_test_yourApiKeyHere"

Retries & Delivery Testing Webhooks