Skip to main content

Adding a webhook signature

Adding a webhook signature

Contents

Overview

  • Call name: add-webhook-signature
  • Endpoint URL: https://{API hostname}/internal/add-webhook-signature
  • Request methods: POST
  • Request Content-Type: application/x-www-form-urlencoded or application/json
  • Response Content-Type: application/json
  • Auth required: yes

This endpoint creates a new webhook signature key for a chain. The key is a system-generated 32-character hexadecimal string that is used as the shared secret for HMAC-SHA256 signature verification of webhook payloads.

Once created, the signature key can be linked to one or more webhook configurations of type https using the webhook_signature_id parameter in the add-webhook or alter-webhook endpoints. See the webhooks overview for details on how HMAC signature verification works.

Version-specific information

The following version-specific changes apply to this endpoint. See the versioning page for more details.

VersionChange details
N/AN/A

Permissions and Authentication

This API call requires a valid Spaaza session. See the authentication page for more details. The session can be as follows:

  • Admin authentication: The performing user needs to be logged in and have write access to the chain.

Headers

The following headers can/must be passed to the API call:

ParameterDescription
N/AN/A

HTTP Parameters

The following HTTP parameters can be passed to the API:

ParameterDescription
chain_id(integer, mandatory) The ID of the chain for which to create the key.

Example response JSON

The endpoint returns JSON showing the details of the created webhook signature key. The value field contains the shared secret to use for HMAC verification. An example response is shown below:

{
"result": {
"code": 1,
"status": "ok"
},
"results": {
"webhook_signature": {
"active": true,
"chain": {
"id": 1743,
"name": "ACME Retail"
},
"created_date": "2026-06-26T10:00:00+00:00",
"deleted": false,
"id": 56,
"last_modified_date": "2026-06-26T10:00:00+00:00",
"value": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"
},
"result_type": "add-webhook-signature"
}
}

Possible error responses

CodeNameDescriptionHTTP Status
3http_vars_missingRequired parameter chain_id is missing400
6no_valid_sessionNo valid session key provided or session has expired401
13http_request_method_non_POST_not_allowedOnly HTTP POST allowed for this API call405
68permission_denied_or_non_existentUser has insufficient permissions or the chain does not exist403
76chain_id_invalidThe chain_id passed must be an integer400