Register an outbound webhook endpoint

POST/api/v1/webhooks/o2c

Register a URL to receive O2C events. The response includes the plaintext secret exactly once — store it to verify the X-DayZero-Signature (HMAC-SHA256) header on delivered events.

Operation ID: create_webhook_endpoint_api_v1_webhooks_o2c_post·View as markdown·OpenAPI slice

Authentication

Bearer token authentication. Pass your DayZero API token in the Authorization header and the target business UUID in x-business-id.

Request body

urlstringrequired

HTTPS URL to POST events to.

event_typesarray · stringrequired

Event types to subscribe to (e.g. ['order.countersigned']).

secretstring

Optional shared HMAC secret; auto-generated if omitted.

is_activeboolean

Whether the endpoint is active.

Responses

201Successful Response

successboolean
messagestring
codestring
dataWebhookEndpointCreateResponse

400Bad Request - Invalid input

401Unauthorized - Authentication required

403Forbidden - Insufficient permissions

422Validation Error

detailarray · ValidationErrorValidationError
5 fields
locarray · string | integerrequired
msgstringrequired
typestringrequired
inputobject
ctxobject