{"openapi":"3.1.0","info":{"title":"POST /api/v1/webhooks/o2c","version":"1.0.0","description":"Register an outbound webhook endpoint"},"servers":[{"url":"https://api.ondayzero.com","description":"Production"}],"paths":{"/api/v1/webhooks/o2c":{"post":{"tags":["o2c-webhooks"],"summary":"Register an outbound webhook endpoint","description":"Register a URL to receive O2C events. The response includes the plaintext `secret` exactly once — store it to verify the `X-DayZero-Signature` (HMAC-SHA256) header on delivered events.","operationId":"create_webhook_endpoint_api_v1_webhooks_o2c_post","parameters":[{"name":"authorization","in":"header","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Authorization"}},{"name":"x-business-id","in":"header","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"X-Business-Id"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/WebhookEndpointCreate"}}}},"responses":{"201":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessEnvelope_WebhookEndpointCreateResponse_"}}}},"400":{"description":"Bad Request - Invalid input","content":{"application/json":{"example":{"detail":"Invalid request parameters"}}}},"401":{"description":"Unauthorized - Authentication required","content":{"application/json":{"example":{"detail":"Not authenticated"}}}},"403":{"description":"Forbidden - Insufficient permissions","content":{"application/json":{"example":{"detail":"Not enough permissions"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}}}}},"components":{"schemas":{"HTTPValidationError":{"properties":{"detail":{"items":{"$ref":"#/components/schemas/ValidationError"},"type":"array","title":"Detail"}},"type":"object","title":"HTTPValidationError"},"SuccessEnvelope_WebhookEndpointCreateResponse_":{"properties":{"success":{"type":"boolean","title":"Success","default":true},"message":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Message"},"code":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Code"},"data":{"anyOf":[{"$ref":"#/components/schemas/WebhookEndpointCreateResponse"},{"type":"null"}]}},"additionalProperties":true,"type":"object","title":"SuccessEnvelope[WebhookEndpointCreateResponse]"},"ValidationError":{"properties":{"loc":{"items":{"anyOf":[{"type":"string"},{"type":"integer"}]},"type":"array","title":"Location"},"msg":{"type":"string","title":"Message"},"type":{"type":"string","title":"Error Type"},"input":{"title":"Input"},"ctx":{"type":"object","title":"Context"}},"type":"object","required":["loc","msg","type"],"title":"ValidationError"},"WebhookEndpointCreate":{"properties":{"url":{"type":"string","maxLength":2048,"title":"Url","description":"HTTPS URL to POST events to."},"event_types":{"items":{"type":"string"},"type":"array","title":"Event Types","description":"Event types to subscribe to (e.g. ['order.countersigned'])."},"secret":{"anyOf":[{"type":"string","maxLength":255},{"type":"null"}],"title":"Secret","description":"Optional shared HMAC secret; auto-generated if omitted."},"is_active":{"type":"boolean","title":"Is Active","description":"Whether the endpoint is active.","default":true}},"type":"object","required":["url","event_types"],"title":"WebhookEndpointCreate","description":"Request schema for registering an outbound webhook endpoint."},"WebhookEndpointCreateResponse":{"properties":{"id":{"type":"string","title":"Id"},"business_id":{"type":"string","title":"Business Id"},"url":{"type":"string","title":"Url"},"event_types":{"items":{"type":"string"},"type":"array","title":"Event Types"},"is_active":{"type":"boolean","title":"Is Active"},"created_at":{"type":"string","format":"date-time","title":"Created At"},"updated_at":{"type":"string","format":"date-time","title":"Updated At"},"secret":{"type":"string","title":"Secret"}},"type":"object","required":["id","business_id","url","event_types","is_active","created_at","updated_at","secret"],"title":"WebhookEndpointCreateResponse","description":"Creation response — includes the plaintext ``secret`` exactly once."}},"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"API Token","description":"API token authentication. Format: `Bearer dz_...`"}}},"security":[{"BearerAuth":[]}]}