Skip to main content

Adding a webhook

Adding a webhook

Contents

Overview

  • Call name: add-webhook
  • Endpoint URL: https://{API hostname}/internal/add-webhook
  • Request methods: POST
  • Request Content-Type: application/x-www-form-urlencoded or application/json
  • Response Content-Type: application/json
  • Auth required: yes

This endpoint creates a new webhook configuration for a chain. The webhook will be triggered whenever the specified event occurs and will send a POST request containing the event payload to the configured URL.

Webhooks of type https store their own URL and credentials directly. To enable HMAC signature verification on an https webhook, create a webhook signature key using add-webhook-signature and pass its ID in the webhook_signature_id parameter.

Version-specific information

The following version-specific changes apply to this endpoint. See the versioning page for more details.

VersionChange details
N/AN/A

Permissions and Authentication

This API call requires a valid Spaaza session. See the authentication page for more details. The session can be as follows:

  • Admin authentication: The performing user needs to be logged in and have write access to the chain to which the webhook belongs.

Headers

The following headers can/must be passed to the API call:

ParameterDescription
N/AN/A

HTTP Parameters

The following HTTP parameters can be passed to the API:

ParameterDescription
chain_id(integer, mandatory) The ID of the chain to which the webhook belongs.
event_name(string, mandatory, max=128) The name of the event that triggers the webhook. See the available webhook events for valid values.
type(string, mandatory, max=128) The type of webhook. For standard HTTPS webhooks, use https.
url(string, conditional, max=1000) The URL to which the webhook payload will be sent. Required for webhooks of type https.
filter(string, optional, max=2048) A filter expression that restricts when the webhook fires. The filter format is a keyword followed by a comma-separated key=values pair, for example campaign types=signup,loyalty.
identifier_key(string, optional, max=128) An identifier key or username for authentication with the webhook recipient.
identifier_secret(string, optional, max=256) An identifier secret or password for authentication with the webhook recipient. The value is obfuscated in API responses.
webhook_signature_id(integer, optional) The ID of a webhook signature key to use for HMAC signature verification. Only applicable for webhooks of type https. See add-webhook-signature for creating a webhook signature key.
campaign_id(integer, optional) The ID of a campaign to associate with this webhook. The campaign must belong to the same chain.
task_id(integer, optional) The ID of a task to associate with this webhook. The task must belong to the same chain.
event_trigger(string, optional, max=512) An event trigger expression for additional event filtering.
applies_legacy_hmac(boolean, optional) Controls the format of the JSON payload used when computing the HMAC signature. When true, the signature is computed over prettified JSON; when false (default), compact JSON is used.
payload_spaaza_api_version(string, optional, max=32) The Spaaza API version to use for the webhook payload format. Defaults to 1.4.8.

Example response JSON

The endpoint returns JSON showing the details of the created webhook configuration. An example response is shown below:

{
"result": {
"code": 1,
"status": "ok"
},
"results": {
"webhook": {
"active": true,
"applies_legacy_hmac": false,
"campaign_id": null,
"created_date": "2026-06-26T10:00:00+00:00",
"event_name": "shopper.voucher-issued",
"event_trigger": null,
"filter": null,
"id": 1234,
"identifier_key": null,
"identifier_secret": null,
"is_default": false,
"last_modified_date": "2026-06-26T10:00:00+00:00",
"payload_spaaza_api_version": "1.4.8",
"send_from": null,
"task_id": null,
"type": "https",
"url": "https://example.com/webhooks/spaaza",
"webhook_signature": {
"active": true,
"chain": {
"id": 1743,
"name": "ACME Retail"
},
"created_date": "2026-06-26T09:55:00+00:00",
"deleted": false,
"id": 56,
"last_modified_date": "2026-06-26T09:55:00+00:00",
"value": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"
}
},
"result_type": "add-webhook"
}
}

Possible error responses

CodeNameDescriptionHTTP Status
3http_vars_missingRequired parameter is missing (chain_id, event_name, or type)400
6no_valid_sessionNo valid session key provided or session has expired401
13http_request_method_non_POST_not_allowedOnly HTTP POST allowed for this API call405
68permission_denied_or_non_existentUser has insufficient permissions or the chain does not exist403
76chain_id_invalidThe chain_id passed must be an integer400
405entity_mismatchThe campaign, task, or webhook signature does not match the chain400
417string_parameter_too_longOne or more string parameters exceeds the maximum length400
493webhook_event_name_invalidThe event_name value is not a recognised webhook event400
494webhook_type_invalidThe type value is not a recognised webhook type400
528webhook_signature_not_foundThe webhook_signature_id does not correspond to an existing record404