Creates a pending webhook subscription for the authenticated API key owner. The target URL must be a public HTTPS callback URL and at least one supported event type is required.
Headers
-
Public API key issued from the Lumepay API key management flow.
-
API secret paired with the public API key.
POST
/api/v1/webhooks/subscriptions
curl \
--request POST 'http://api.example.com/api/v1/webhooks/subscriptions' \
--header "Content-Type: application/json" \
--header "X-API-KEY: string" \
--header "X-API-SECRET: string" \
--data '{"name":"string","targetUrl":"string","eventTypes":["string"]}'
Request examples
# Headers
X-API-KEY: string
X-API-SECRET: string
# Payload
{
"name": "string",
"targetUrl": "string",
"eventTypes": [
"string"
]
}
Response examples (201)
{
"id": "string",
"name": "string",
"targetUrl": "string",
"status": "string",
"events": [
{
"eventType": "string",
"resourceType": "string",
"event": "string",
"displayName": "string",
"description": "string"
}
],
"verifiedAt": "2026-05-04T09:42:00Z",
"createdAt": "2026-05-04T09:42:00Z",
"updatedAt": "2026-05-04T09:42:00Z"
}
Response examples (400)
{
"errors": [],
"timestamp": "2026-01-01T00:00:00Z",
"code": 400,
"message": "Request validation failed",
"requestId": "req_01HY0000000000000000000000",
"httpStatus": 400
}
Response examples (403)
{
"errors": [],
"timestamp": "2026-01-01T00:00:00Z",
"code": 403,
"message": "Authenticated API key is not allowed to perform this action",
"requestId": "req_01HY0000000000000000000000",
"httpStatus": 403
}
Response examples (500)
{
"errors": [],
"timestamp": "2026-01-01T00:00:00Z",
"code": 500,
"message": "Unexpected server error",
"requestId": "req_01HY0000000000000000000000",
"httpStatus": 500
}
Response examples (401)
{
"errors": [],
"timestamp": "2026-01-01T00:00:00Z",
"code": 401,
"message": "API key authentication failed",
"requestId": "req_01HY0000000000000000000000",
"httpStatus": 401
}