Webhook Policies API

List webhook policies

List all webhook policies for an account:

GET /webhook_policies

Response

Status: 200 OK
[
  {
    "id": 301,
    "name": "6f3a5394ff9262be392926386113d684915ed1a956910902c29d0baf",
    "created_at": "2015-09-10T12:15:16-05:00",
    "updated_at": "2015-09-14T12:31:27-05:00"
  },
  {
    "id": 312,
    "name": "41c87abb02950b7541ee1d4fcea20cc05cc8a6f361612d7a86cb9577",
    "created_at": "2015-09-10T12:15:16-05:00",
    "updated_at": "2015-09-10T12:15:16-05:00"
  },
  "..."
]

The response contains these fields by default. Filtering and pagination are available to reduce/limit the collection of webhook policies.

Predefined Filters

The following predefined filters are available:

Collection Fields

By default the following fields will appear in collections of webhook policies:

id name created_at updated_at

Obtain a different set of fields using the ?fields= parameter.

Filtering

Filtering is available for the following fields:

id name created_at updated_at disabled

The filter on name is not case sensitive.

Sorting

By default a collection of webhook policies is sorted ascending by created_at.

The following fields are accepted by the ?sort= parameter:

created_at updated_at

Get a single webhook policy

GET /webhook_policies/:id

Response

Status: 200 OK
{
  "id": 312,
  "name": "41c87abb02950b7541ee1d4fcea20cc05cc8a6f361612d7a86cb9577",
  "disabled": true,
  "created_at": "2015-09-10T12:15:16-05:00",
  "updated_at": "2015-09-10T12:15:16-05:00",
  "jwt_alg": "rs256",
  "jwt_audience": "some audience",
  "jwt_claim_expires_in": 12
}

The response contains these fields.

Create a webhook policy

POST /webhook_policies

When creating a new webhook policy these fields are available.

Response

Status: 201 Created
{
  "name": "...",
  "...": "..."
}

The response contains all fields of the created webhook policy and is similar to the response in Get a single webhook policy. This is the only time the public_key_pem field will be exposed.

Update a webhook policy

PATCH /webhook_policies/:id

When updating a webhook policy these fields are available.

Response

Status: 200 OK
{
  "name": "...",
  "...": "..."
}

The response contains all fields of the updated webhook policy and is similar to the response in Get a single webhook policy.

Fields

created_at
Readonly datetime — The date and time at which the webhook profile was created.
disabled
Optional boolean, default: false — The Disabled box is checked when the webhook policy may no longer be related to webhooks.
id
Readonly integer — The unique ID of the webhook policy.
jwt_alg
Required enum — The JWT algorithm field is used to select the algorithm to use for cryptographic signing of webhook messages. If cryptographic signing is used, the algorithm for decoding a received message needs to be specified to ensure that an attacker cannot bypass the algorithm verification step. See also JSON Web Algorithms (JWA). Valid values are:
  • none: No digital signature or MAC performed
  • hs256: HMAC using SHA-256
  • hs384: HMAC using SHA-384
  • hs512: HMAC using SHA-512
  • rs256: RSA using SHA-256
  • rs384: RSA using SHA-384
  • rs512: RSA using SHA-512
  • es256: ECDSA using P-256 and SHA-256
  • es384: ECDSA using P-384 and SHA-384
  • es512: ECDSA using P-521 and SHA-512
jwt_audience
Optional text (max 2KB) — The Audience field is used to specify the value for the audience claim. The audience claim identifies the recipients that the encrypted message is intended for. For more information see “aud” (Audience) Claim of a JSON Web Token (JWT).
jwt_claim_expires_in
Optional duration — The Claim expires in field is used to specify the expiration time on or after which the JSON Web Token (JWT) must no longer be accepted for processing. The payload of a webhook will have an “exp” (expiration time) claim based on this value. The processing of the “exp” claim requires that the current date/time must be before the expiration date/time listed in the “exp” claim. Implementers may provide for some small leeway, usually no more than a couple of minutes, to account for clock skew. For more information see “exp” (Expiration Time) Claim of a JSON Web Token (JWT).
name
Readonly string (max 64) — The Name field contains the generated name of the policy.
public_key_pem
Readonly text (max 2KB) — The public_key_pem field contains the public key of the created policy. This field is only available when a new policy is created.
updated_at
Readonly datetime — The date and time of the last update of the webhook policy. If the policy has no updates it contains the created_at value.