Webhook Policies API
List webhook policies
List all webhook policies for an account:
GET /webhook_policies
Response
status: 200 OK
[
{
"id": 301,
"name": "6f3a5394ff9262be392926386113d684915ed1a956910902c29d0baf",
"created_at": "2015-09-10T12:15:16-05:00",
"updated_at": "2015-09-14T12:31:27-05:00"
},
{
"id": 312,
"name": "41c87abb02950b7541ee1d4fcea20cc05cc8a6f361612d7a86cb9577",
"created_at": "2015-09-10T12:15:16-05:00",
"updated_at": "2015-09-10T12:15:16-05:00"
},
"..."
]
The response contains these fields by default. Filtering and pagination are available to reduce/limit the collection of webhook policies.
Predefined Filters
The following predefined filters are available:
/webhook_policies/disabled
: List all disabled webhook policies/webhook_policies/enabled
: List all enabled webhook policies
Collection Fields
By default the following fields will appear in collections of webhook policies:
id
name
created_at
updated_at
Obtain a different set of fields using the ?fields= parameter.
Filtering
Filtering is available for the following fields:
id
name
created_at
updated_at
disabled
The filter on name
is not case sensitive.
Sorting
By default a collection of webhook policies is sorted ascending by created_at
.
The following fields are accepted by the ?sort= parameter:
created_at
updated_at
Get a single webhook policy
GET /webhook_policies/:id
Response
status: 200 OK
{
"id": 312,
"name": "41c87abb02950b7541ee1d4fcea20cc05cc8a6f361612d7a86cb9577",
"disabled": true,
"created_at": "2015-09-10T12:15:16-05:00",
"updated_at": "2015-09-10T12:15:16-05:00",
"jwt_alg": "rs256",
"jwt_audience": "some audience",
"jwt_claim_expires_in": 12
}
The response contains these fields.
Create a webhook policy
POST /webhook_policies
When creating a new webhook policy these fields are available.
Response
status: 201 Created
{
"name": "...",
"...": "..."
}
The response contains all fields of the created webhook policy and is similar to the response in Get a single webhook policy. This is the only time the public_key_pem
field will be exposed.
Update a webhook policy
PATCH /webhook_policies/:id
When updating a webhook policy these fields are available.
Response
status: 200 OK
{
"name": "...",
"...": "..."
}
The response contains all fields of the updated webhook policy and is similar to the response in Get a single webhook policy.
Fields
- created_at
- Readonly datetime — The date and time at which the webhook profile was created.
- disabled
- Optional boolean, default:
false
— The Disabled box is checked when the webhook policy may no longer be related to webhooks. - id
- Readonly integer — The unique ID of the webhook policy.
- jwt_alg
- Required enum — The JWT algorithm field is used to select the algorithm to use for cryptographic signing of webhook messages. If cryptographic signing is used, the algorithm for decoding a received message needs to be specified to ensure that an attacker cannot bypass the algorithm verification step. See also JSON Web Algorithms (JWA). Valid values are:
-
none
: No digital signature or MAC performedhs256
: HMAC using SHA-256hs384
: HMAC using SHA-384hs512
: HMAC using SHA-512rs256
: RSA using SHA-256rs384
: RSA using SHA-384rs512
: RSA using SHA-512es256
: ECDSA using P-256 and SHA-256es384
: ECDSA using P-384 and SHA-384es512
: ECDSA using P-521 and SHA-512
- jwt_audience
- Optional text (max 2KB) — The Audience field is used to specify the value for the audience claim. The audience claim identifies the recipients that the encrypted message is intended for. For more information see “aud” (Audience) Claim of a JSON Web Token (JWT).
- jwt_claim_expires_in
- Optional duration — The Claim expires in field is used to specify the expiration time on or after which the JSON Web Token (JWT) must no longer be accepted for processing. The payload of a webhook will have an “exp” (expiration time) claim based on this value. The processing of the “exp” claim requires that the current date/time must be before the expiration date/time listed in the “exp” claim. Implementers may provide for some small leeway, usually no more than a couple of minutes, to account for clock skew. For more information see “exp” (Expiration Time) Claim of a JSON Web Token (JWT).
- name
- Readonly string (max 64) — The Name field contains the generated name of the policy.
- public_key_pem
- Readonly text (max 2KB) — The public_key_pem field contains the public key of the created policy. This field is only available when a new policy is created.
- updated_at
- Readonly datetime — The date and time of the last update of the webhook policy. If the policy has no updates it contains the
created_at
value.