Webhooks

HTTPS destinations for event delivery. HMAC-signed and retried. Pair with the webhooks guide for verification code.

Create a webhook

POST/v1/webhooks

urlstringRequired

HTTPS destination. Self-signed certs are rejected on cloud; on self-hosted, add your CA to the deployment trust bundle.

eventsstring[]Required

Event types to subscribe to. See the webhooks guide for the full list.

descriptionstringOptional

Response

json

{
  "id": "wh_01HZ...",
  "url": "https://example.com/hooks",
  "events": ["call.completed"],
  "secret": "whsec_01HZxxxx...",
  "created": 1712345678
}

Shown once

The signing secret is returned on create only. Rotate via delete + create.

List / delete

GET/v1/webhooks

DELETE/v1/webhooks/{webhook_id}

Delivery semantics

At-least-once. Dedupe on event id.
10-second response timeout, 24-hour retry window with exponential backoff.
Every POST carries Wordcab-Signature and Wordcab-Timestamp. See the webhooks guide for verification code.

← Previous

API keys

Usage