๐๏ธ List all webhooks
Retrieve a list of all webhooks for your organization.
๐๏ธ Create a new webhook
Create a new webhook for your organization. Webhooks will be called in response to triggers, and you can use the `/organizations/webhooks/{webhook_id}/triggers` endpoint to specify which trigger(s) should call each webhook. The request body must contain the target URL for the webhook, and this must be unique for your organization (you cannot have two webhooks with the same target URL). The target URL must use the HTTPS protocol, and must have a host. The host cannot be `localhost` or an IP address. The target URL may have a path element, but may not contain query parameters or fragments. Additionally, you can specify custom headers that will be sent in the HTTP header of each request to your webhook's target URL. These are encrypted when stored, so can be used for sensitive data. You can also choose the webhook's timeout value. This will determine how long your webhook server has to respond to a request before it is considered failed. If you do not set a value, defaults will be used: for synchronous webhook calls, this is 2 seconds; for asynchronous calls, 10 seconds. When choosing a timeout, you should consider how long your webhook will typically need to process a request, and how this may affect user experience (in the case of sychronous webhooks). The value provided should be a string that can be parsed as a [Golang `time.Duration`](https://pkg.go.dev/time#Duration); for example, '10s', '500ms'. The timeout may not be more than 20 seconds, and cannot be negative. If you do not set a timeout, when retrieving the webhook you will see a timeout set to 0s, indicating that the defaults will be used when the webhook is called. You may also specify a name and description for the webhook. The response will contain a webhook ID, which uniquely identifies the newly created webhook. This ID can be used to modify or delete the webhook, and to add triggers for it. For more information on using webhooks with SlashID, see our [dedicated guide](/docs/access/guides/webhooks).
๐๏ธ Get a webhook
Retrieve information about a specific webhook, identified by its ID.
๐๏ธ Delete a webhook
Delete the specified webhook. This will also delete all triggers associated with this webhook. This action cannot be undone.
๐๏ธ Update a webhook
Update an existing webhook, identified by its ID. This endpoint can be used to modify the target URL, custom headers, name, or description of the webhook. Note that the target URL cannot be changed to a URL already in use by another webhook for your organization. Modifying the custom headers will overwrite any existing custom headers for this webhook.
๐๏ธ List webhook triggers
List all the triggers for a specific webhook.
๐๏ธ Create a webhook trigger
Create a new trigger for an existing webhook. Each webhook can have multiple triggers, and will be called on each of them. The trigger type specifies what kind of trigger will cause the webhook to be called. The trigger name specifies the exact trigger that will cause the webhook to be called, amongst all triggers of this type. For a full list of trigger types and names, refer to our [webhooks guide](/docs/access/guides/webhooks).
๐๏ธ Delete a webhook trigger
Delete a trigger for a specific webhook. The webhook will no longer be called on this trigger. Note that for a short period after the delete request has successfully returned, triggers in flight may still cause the webhook to be called.
๐๏ธ Retrieve verification JWKS for webhooks
Endpoint to retrieve a JSON Web Key Set (JWKS) for webhook body verification. When SlashID calls your webhooks in response to a trigger, the body of the request is a signed and encoded JSON Web Token (JWT). The public part of the signing key can be retrieved from this endpoint and used to verify that the request body comes from SlashID, is intended for your webhook, and has not been modified. SlashID uses the ES256 JSON Web Algorithm (JWA), which is the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and SHA256. Support for JWTs and JWKS is available for many languages - [jwt.io](https://jwt.io/libraries) maintains an extensive (but not exhaustive) list of libraries for popular languages. Note that this endpoint is rate-limited to 30 requests per minute per organization, with bursts of 60. It is therefore recommended that you cache the keyset locally in your webhook handlers.
๐๏ธ Generate events for testing
Generate events for testing analytics flows, such as webhooks. This endpoint can be used to create one or more SlashID events. The request body is a list of test event descriptions, including the type of event to generate, the number of events of that type to generate, and whether those events should be duplicates. The contents of the events will be randomly generated, and will have the `is_test_event` flag set to true, so they can be distinguished from real events. Please refer to our [events guide](/docs/access/concepts/events) for a full list of SlashID events and their contents. Note that this endpoint is rate-limited to 10 test events per minute, with a burst of 50. If your tests require a higher rate, please contact us.