Create Webhook Endpoint
Webhooks
Create Webhook Endpoint
Create a new webhook configuration for receiving event notifications
POST
Create Webhook Endpoint
Create Webhook Endpoint
POST https://api.baanx.com/v1/webhooks Creates a new webhook configuration for receiving event notifications.Overview
Registers a new HTTPS endpoint to receive webhook deliveries. Each webhook can subscribe to one or more event types and is assigned a unique signing key for signature verification.Limits and defaults:
- Maximum of 5 webhook endpoints per partner
- New webhooks are created with
is_active: falseby default unless explicitly set - Only HTTPS URLs are accepted
Signature Verification
All webhook deliveries include HMAC-SHA256 signature headers:| Header | Description |
|---|---|
X-Timestamp | Unix timestamp of the request |
X-Signature | HMAC-SHA256 signature of {timestamp}.{body} |
Authentication
This endpoint requires authentication via Bearer token:Request
Headers
Bearer token for authentication
Must be
application/jsonBody
Human-readable name for the webhook (max 255 characters)
HTTPS endpoint URL for webhook delivery. Must use HTTPS.
Array of event type strings to subscribe to. Must contain at least one item.Available event types:
kyc.status.changed- User KYC verification status changedcard.activated- Card has been activatedtransaction.cleared- Transaction has been cleared
Whether to activate the webhook immediately. Defaults to
false.Optional custom metadata to attach to the webhook (e.g., environment tags)
Request Examples
Response
201 Created
Indicates the webhook was created successfully
Unique identifier for the new webhook
Full API key — store securely. Used to verify webhook signatures. Not retrievable after this response.
Event types the webhook is subscribed to
Whether the webhook is active
Error Responses
Common Error Scenarios
Webhook Limit Reached
Webhook Limit Reached
Error:
400 Bad RequestMessage: "Maximum webhook limit (5) reached for this tenant"Cause: You already have 5 webhook endpoints configured.Solution: Delete an existing webhook with DELETE /v1/webhooks/{id} before creating a new one.Non-HTTPS URL
Non-HTTPS URL
Error:
400 Bad RequestCause: The url field does not use the HTTPS scheme.Solution: Ensure your endpoint URL begins with https://.Related Endpoints
GET /v1/webhooks- List all webhook endpointsPUT /v1/webhooks/{id}- Update a webhook configurationPOST /v1/webhooks/{id}/rotate-key- Rotate the signing keyDELETE /v1/webhooks/{id}- Delete a webhook endpoint