Create Webhook
Webhooks
Create Webhook
POST
Create Webhook
Register a webhook destination for sandbox lifecycle events. See Webhooks.
Without an
HTTPS endpoint to deliver to. (SSRF protection is applied by the delivery provider at send time, not at registration.)
Event-type allow-list — exact (
sandbox.stopped) or prefix (sandbox.*). Default: all event types. Types outside the sandbox taxonomy are rejected with 400.Scope to a single sandbox. Omit to receive events for all of the org’s sandboxes.
Signing secret. Omit and one is generated (
whsec_…). The secret is returned in the create response and is re-fetchable any time via GET /api/webhooks/{id}/secret.Optional display name for the destination.
Whether the destination is active. Default
true. false pauses delivery.Optional. A retried create with the same key and same body returns the same destination (
200) instead of a duplicate. Reusing the key with a different body is a 409 conflict.Idempotency-Key, each call creates a new destination and returns 201 — there is no get-or-create by name. With one, a retried call returns the same destination with 200.
Validation (all 400): url must be HTTPS; each eventTypes entry must be a known sandbox event type or a prefix.* wildcard.