Create a webhook subscription
/api/v1/webhooksAuthentication
- Bearer Token
AuthorizationJWT access token
- API Key
X-API-KeyAPI key for management-tier access
Request body
urlstringevent_typesstring[]descriptionstring
Code samples
curl -X POST "https://api.canopy.dev/api/v1/webhooks" \
-H "X-API-Key: $CANOPY_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"url": "string",
"event_types": [
"string"
],
"description": "string"
}'const response = await fetch("https://api.canopy.dev/api/v1/webhooks", {
method: "POST",
headers: {
"X-API-Key": "$CANOPY_API_KEY",
"Content-Type": "application/json"
},
body: JSON.stringify({
"url": "string",
"event_types": [
"string"
],
"description": "string"
}),
});
const data = await response.json();import requests
response = requests.post(
"https://api.canopy.dev/api/v1/webhooks",
headers={
"X-API-Key": "$CANOPY_API_KEY",
"Content-Type": "application/json"
},
json={
"url": "string",
"event_types": [
"string",
],
"description": "string",
},
)
data = response.json()package main
import (
"bytes"
"encoding/json"
"net/http"
)
func main() {
payload := map[string]interface{}{
"url": "string",
"event_types": []interface{}{
"string",
},
"description": "string",
}
body, _ := json.Marshal(payload)
req, _ := http.NewRequest("POST", "https://api.canopy.dev/api/v1/webhooks", bytes.NewBuffer(body))
req.Header.Set("X-API-Key", "$CANOPY_API_KEY")
req.Header.Set("Content-Type", "application/json")
resp, _ := http.DefaultClient.Do(req)
defer resp.Body.Close()
}Responses
201 Webhook created — secret is only shown once
{
"id": "string",
"url": "string",
"event_types": [
"string"
],
"description": "string",
"is_active": false,
"created_at": "2026-04-20T12:00:00.000Z"
}application/json
idstringurlstringevent_typesstring[]descriptionstringis_activebooleancreated_atstring (date-time)
401 Invalid or expired token
403 This token is not authorized for this endpoint (wrong principal type — e.g., admin token on identity-only endpoint, or vice versa)