> ## Documentation Index
> Fetch the complete documentation index at: https://docs.truthlocks.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Create webhook endpoint
> Registers a new webhook endpoint for the authenticated tenant.
Registers a new webhook endpoint for the authenticated tenant. The endpoint receives HTTP POST requests when matching events occur. The endpoint secret is returned once in the response — store it securely.
The number of webhook endpoints you can create depends on your billing plan. If you exceed your plan limit, the API returns `402 Payment Required`.
### Parameters
Human-readable name for the endpoint (e.g., "My Backend")
Publicly reachable HTTPS URL that receives webhook deliveries
List of event types or wildcard patterns to subscribe to. Use `category.*` to subscribe to all events in a category (e.g., `attestation.*`). See the [webhooks guide](/guides/webhooks#event-types) for the full list of event types.
### Responses
The `secret` field is only returned in the creation response. Store it securely — you cannot retrieve it later. If you lose it, [rotate the secret](/api-reference/webhooks/rotate-secret) to generate a new one.
## OpenAPI
````yaml mint-openapi.yaml POST /v1/webhooks/endpoints
openapi: 3.0.3
info:
title: Truthlocks API
description: >
Truthlocks is a universal verification infrastructure for documents,
credentials, and digital assets.
This specification defines the canonical API for interacting with Truthlocks
services.
## Base URLs
- **Production**: `https://api.truthlocks.com`
- **Sandbox**: `https://sandbox-api.truthlocks.com`
## Authentication
- **API Keys**: Use `X-API-Key` header for machine-to-machine operations
- **Bearer Tokens**: Use `Authorization: Bearer ` for user-initiated
operations
## Tenant Identity
In production, tenant identity is derived from the authenticated context
(API key or JWT).
The `X-Tenant-ID` header is ignored in production to prevent spoofing.
version: 1.0.0
contact:
name: Truthlocks Support
url: https://truthlocks.com/support
email: support@truthlocks.com
servers:
- url: https://api.truthlocks.com
description: Production API
- url: https://sandbox-api.truthlocks.com
description: Sandbox Environment
security:
- APIKey: []
tags:
- name: Authentication
description: API key and token management
- name: Issuers
description: Issuer registration and trust management
- name: Keys
description: Cryptographic key management for issuers
- name: Attestations
description: Attestation lifecycle (mint, revoke, supersede)
- name: Verification
description: Attestation verification and proof bundles
- name: Governance
description: Issuer governance workflows (admin only)
- name: Identity
description: Organization, user, and role management
- name: Audit
description: Audit event queries
- name: Platform
description: Platform administration (super admin only)
- name: Platform Review
description: Staff review workflows for issuer applications
- name: Tenant Console
description: Tenant profile and lifecycle endpoints
- name: Health
description: Service health and readiness endpoints
- name: Risk
description: Risk signal ingestion and fraud detection
- name: Risk Enforcement
description: Risk enforcement actions — block, challenge, quarantine, and configuration
- name: Billing
description: Billing, subscription, and addon management
- name: Machine Identity
description: >-
Machine Agent Identity Protocol (MAIP) — agent registration, sessions,
trust, witness, compliance, orchestration, and observability
externalDocs:
description: Transparency read-only API (separate service spec)
url: >-
https://github.com/truthlocks/truthlock/blob/main/docs/transparency/openapi.yaml
paths:
/v1/webhooks/endpoints:
post:
tags:
- Webhooks
summary: Create webhook endpoint
description: Registers a new webhook endpoint for the authenticated tenant.
operationId: webhooks.endpoints.create
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- name
- url
- event_filters
properties:
name:
type: string
description: Human-readable endpoint name
url:
type: string
description: HTTPS URL for webhook deliveries
event_filters:
type: array
items:
type: string
description: Event types or wildcard patterns
responses:
'201':
description: Endpoint created
content:
application/json:
schema:
type: object
properties:
id:
type: string
name:
type: string
url:
type: string
status:
type: string
secret:
type: string
event_filters:
type: array
items:
type: string
created_at:
type: string
'401':
description: Authentication required
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorEnvelope'
'402':
description: Plan limit reached
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorEnvelope'
security:
- APIKey: []
components:
schemas:
ErrorEnvelope:
type: object
required:
- code
- message
- http_status
properties:
code:
type: string
description: Machine-readable error code
enum:
- AUTH_REQUIRED
- AUTH_INVALID
- PERMISSION_DENIED
- TENANT_IDENTITY_UNVERIFIED
- NOT_FOUND
- VALIDATION_ERROR
- CONFLICT
- PAYLOAD_TOO_LARGE
- RATE_LIMIT_EXCEEDED
- QUOTA_EXCEEDED
- SERVICE_UNAVAILABLE
- INTERNAL_ERROR
message:
type: string
description: Human-readable error message
http_status:
type: integer
description: HTTP status code
retry_after_ms:
type: integer
description: Milliseconds to wait before retrying (for rate limits)
details:
type: object
description: Additional error context
example:
code: AUTH_REQUIRED
message: Authentication required
http_status: 401
securitySchemes:
APIKey:
type: apiKey
in: header
name: X-API-Key
description: API key for machine-to-machine authentication
````