Skip to main content
PUT
/
webhook
Configure partner webhook
curl --request PUT \
  --url 'https://partner-api.ochy-prod.com/webhook?apiKey=' \
  --header 'Content-Type: application/json' \
  --data '
{
  "url": "https://client.example.com/webhooks/ochy",
  "enabled": true,
  "signature": {
    "enabled": true
  }
}
'
{
  "url": "https://client.example.com/webhooks/ochy",
  "enabled": true,
  "updated_at": "2026-03-23T10:45:00Z",
  "signature": {
    "enabled": true,
    "algorithm": "HMAC-SHA256",
    "last4": "n6p8",
    "created_at": "2026-03-23T10:45:00Z",
    "updated_at": "2026-03-23T10:45:00Z",
    "secret": "YOUR_GENERATED_SIGNING_SECRET"
  }
}

Authorizations

apiKey
string
query
required

Your API key, passed as a query parameter on every request.

Body

application/json
url
string<uri>
required

HTTPS endpoint that will receive POST requests with JSON payloads.

Example:

"https://client.example.com/webhooks/ochy"

enabled
boolean
required

When false, no webhook events are sent until set back to true.

Example:

true

signature
object

Optional HMAC-SHA256 signature settings for webhook delivery.

Response

Webhook configuration saved. Body mirrors GET /webhook. If a signing secret is generated during this request, it is returned once as signature.secret; store it securely.

Returned by GET /webhook and PUT /webhook. When no webhook has been stored yet, GET /webhook returns an empty object. The full signing secret is only present in responses that generated or rotated it.

url
string<uri>

Registered webhook URL.

Example:

"https://client.example.com/webhooks/ochy"

enabled
boolean

Whether webhook delivery is enabled for this partner.

Example:

true

updated_at
string<date-time>

When the configuration was last updated (ISO 8601 UTC).

Example:

"2026-03-23T10:45:00Z"

signature
object

Webhook signing configuration. The secret field is returned only when generated or rotated.