Adding a webhook signature
Adding a webhook signature
Contents
- Overview
- Version-specific information
- Permissions and Authentication
- Headers
- HTTP Parameters
- Example response JSON
- Possible error responses
Overview
- Call name: add-webhook-signature
- Endpoint URL: https://{API hostname}/internal/add-webhook-signature
- Request methods: POST
- Request Content-Type: application/x-www-form-urlencoded or application/json
- Response Content-Type: application/json
- Auth required: yes
This endpoint creates a new webhook signature key for a chain. The key is a system-generated 32-character hexadecimal string that is used as the shared secret for HMAC-SHA256 signature verification of webhook payloads.
Once created, the signature key can be linked to one or more webhook configurations of type https using the webhook_signature_id parameter in the add-webhook or alter-webhook endpoints. See the webhooks overview for details on how HMAC signature verification works.
Version-specific information
The following version-specific changes apply to this endpoint. See the versioning page for more details.
| Version | Change details |
|---|---|
| N/A | N/A |
Permissions and Authentication
This API call requires a valid Spaaza session. See the authentication page for more details. The session can be as follows:
- Admin authentication: The performing user needs to be logged in and have
write accessto the chain.
Headers
The following headers can/must be passed to the API call:
| Parameter | Description |
|---|---|
| N/A | N/A |
HTTP Parameters
The following HTTP parameters can be passed to the API:
| Parameter | Description |
|---|---|
| chain_id | (integer, mandatory) The ID of the chain for which to create the key. |
Example response JSON
The endpoint returns JSON showing the details of the created webhook signature key. The value field contains the shared secret to use for HMAC verification. An example response is shown below:
{
"result": {
"code": 1,
"status": "ok"
},
"results": {
"webhook_signature": {
"active": true,
"chain": {
"id": 1743,
"name": "ACME Retail"
},
"created_date": "2026-06-26T10:00:00+00:00",
"deleted": false,
"id": 56,
"last_modified_date": "2026-06-26T10:00:00+00:00",
"value": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"
},
"result_type": "add-webhook-signature"
}
}
Possible error responses
| Code | Name | Description | HTTP Status |
|---|---|---|---|
| 3 | http_vars_missing | Required parameter chain_id is missing | 400 |
| 6 | no_valid_session | No valid session key provided or session has expired | 401 |
| 13 | http_request_method_non_POST_not_allowed | Only HTTP POST allowed for this API call | 405 |
| 68 | permission_denied_or_non_existent | User has insufficient permissions or the chain does not exist | 403 |
| 76 | chain_id_invalid | The chain_id passed must be an integer | 400 |