Webhooks

Outbound delivery endpoints + delivery log.

📄️List tenant webhook endpoints

Returns every webhook endpoint registered for the tenant. Secrets are omitted from list output. Dual-auth: both paths require `manage_webhooks`.

📄️Create a webhook endpoint

Registers a new webhook endpoint subscribed to the supplied event list. Response includes the signing `secret` (shown only on create + rotate). Emits an audit log entry. Dual-auth: both paths require `manage_webhooks`. Idempotent — pass `Idempotency-Key: <uuid>` to avoid duplicate endpoints on retries.

📄️List webhook event types the platform emits

Returns the array of string event identifiers (e.g. `comment.created`) that a webhook endpoint can subscribe to. Dual-auth: mirrored under API-key and admin-JWT paths; both paths require `manage_webhooks`.

📄️Delete a webhook endpoint

Permanently removes the endpoint and its delivery history. Returns `{ id, deletedAt }`. Emits an audit log entry. Dual-auth: both paths require `manage_webhooks`.

📄️Update a webhook endpoint

Partial update of url, events, is_active, or description. Emits an audit log entry. Dual-auth: both paths require `manage_webhooks`.

📄️List delivery attempts for a webhook endpoint

Cursor-paginated delivery history filterable by `status`, `event_type`, and an `after`/`before` date window. Dual-auth: both paths require `manage_webhooks`.

📄️Replay a failed webhook delivery

Creates a fresh delivery row with the original payload and queues it for dispatch. Only `failed` or `dead_letter` rows can be replayed; in-flight rows return 422. Emits an audit log entry. Dual-auth: both paths require `manage_webhooks`.

📄️Purge delivery history for a webhook endpoint

Operator cleanup — deletes all delivery attempts for this endpoint and returns the count. Emits an audit log entry. Dual-auth: both paths require `manage_webhooks`.

📄️Rotate the signing secret on a webhook endpoint

Generates a new HMAC signing secret and returns it in the response body (only time it is shown). Secret is never written to the audit log. Dual-auth: both paths require `manage_webhooks`.

📄️Fire a synthetic test delivery to a webhook endpoint

Enqueues a test event to the endpoint and returns the resulting delivery row. Useful for verifying URL reachability and signing. Dual-auth: both paths require `manage_webhooks`.

📄️Re-run the URL-ownership verification handshake

POSTs a signed challenge to the endpoint URL and requires the receiver to echo the `challenge` value in the JSON response body within 30 s. Returns `{ verified, reason? }`. Emits an audit log entry. Dual-auth: both paths require `manage_webhooks`.

📄️List tenant webhook endpoints

Returns every webhook endpoint registered for the tenant. Secrets are omitted from list output. Dual-auth: both paths require `manage_webhooks`.

📄️Create a webhook endpoint

Registers a new webhook endpoint subscribed to the supplied event list. Response includes the signing `secret` (shown only on create + rotate). Emits an audit log entry. Dual-auth: both paths require `manage_webhooks`. Idempotent — pass `Idempotency-Key: <uuid>` to avoid duplicate endpoints on retries.

📄️List webhook event types the platform emits

Returns the array of string event identifiers (e.g. `comment.created`) that a webhook endpoint can subscribe to. Dual-auth: mirrored under API-key and admin-JWT paths; both paths require `manage_webhooks`.

📄️Delete a webhook endpoint

Permanently removes the endpoint and its delivery history. Returns `{ id, deletedAt }`. Emits an audit log entry. Dual-auth: both paths require `manage_webhooks`.

📄️Update a webhook endpoint

Partial update of url, events, is_active, or description. Emits an audit log entry. Dual-auth: both paths require `manage_webhooks`.

📄️List delivery attempts for a webhook endpoint

Cursor-paginated delivery history filterable by `status`, `event_type`, and an `after`/`before` date window. Dual-auth: both paths require `manage_webhooks`.

📄️Replay a failed webhook delivery

Creates a fresh delivery row with the original payload and queues it for dispatch. Only `failed` or `dead_letter` rows can be replayed; in-flight rows return 422. Emits an audit log entry. Dual-auth: both paths require `manage_webhooks`.

📄️Purge delivery history for a webhook endpoint

Operator cleanup — deletes all delivery attempts for this endpoint and returns the count. Emits an audit log entry. Dual-auth: both paths require `manage_webhooks`.

📄️Rotate the signing secret on a webhook endpoint

Generates a new HMAC signing secret and returns it in the response body (only time it is shown). Secret is never written to the audit log. Dual-auth: both paths require `manage_webhooks`.

📄️Fire a synthetic test delivery to a webhook endpoint

Enqueues a test event to the endpoint and returns the resulting delivery row. Useful for verifying URL reachability and signing. Dual-auth: both paths require `manage_webhooks`.

📄️Re-run the URL-ownership verification handshake

POSTs a signed challenge to the endpoint URL and requires the receiver to echo the `challenge` value in the JSON response body within 30 s. Returns `{ verified, reason? }`. Emits an audit log entry. Dual-auth: both paths require `manage_webhooks`.