> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ochy.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure partner webhook

> Create or update the HTTPS URL where Ochy sends analysis progress and completion events.
You can also enable optional HMAC-SHA256 signatures for webhook delivery.

- If no webhook exists yet, this **creates** the configuration.
- If a webhook already exists, this **updates** the URL and/or the `enabled` flag.
- If `signature.enabled` is `true`, Ochy signs webhook requests with HMAC-SHA256.

Set `enabled` to `false` to stop all webhook traffic until you enable it again.

To receive events for a given analysis, you must also pass `notify_via_webhook=true` on
[`POST /analysis/start`](/api-reference/analysis/start-analysis). See [API keys and webhooks](/guides/webhooks-and-api-keys)
for event types, payload shape, and ordering (`sequence`).




## OpenAPI

````yaml /openapi.yaml put /webhook
openapi: 3.0.1
info:
  title: Ochy Partner API
  version: 1.0.0
  description: >
    The Ochy Partner API lets you integrate running biomechanical analysis into
    your application.

    Upload a video of a runner, receive detailed biomechanical metrics, joint
    angles, running style

    classification, and frame-by-frame position data.
servers:
  - url: https://partner-api.ochy-prod.com
    description: Production
security:
  - apiKey: []
paths:
  /webhook:
    put:
      tags:
        - Webhooks
      summary: Configure partner webhook
      description: >
        Create or update the HTTPS URL where Ochy sends analysis progress and
        completion events.

        You can also enable optional HMAC-SHA256 signatures for webhook
        delivery.


        - If no webhook exists yet, this **creates** the configuration.

        - If a webhook already exists, this **updates** the URL and/or the
        `enabled` flag.

        - If `signature.enabled` is `true`, Ochy signs webhook requests with
        HMAC-SHA256.


        Set `enabled` to `false` to stop all webhook traffic until you enable it
        again.


        To receive events for a given analysis, you must also pass
        `notify_via_webhook=true` on

        [`POST /analysis/start`](/api-reference/analysis/start-analysis). See
        [API keys and webhooks](/guides/webhooks-and-api-keys)

        for event types, payload shape, and ordering (`sequence`).
      operationId: configureWebhook
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PartnerWebhookConfigRequest'
            example:
              url: https://client.example.com/webhooks/ochy
              enabled: true
              signature:
                enabled: true
      responses:
        '200':
          description: >
            Webhook configuration saved. Body mirrors [`GET
            /webhook`](/api-reference/webhooks/get-webhook).

            If a signing secret is generated during this request, it is returned
            once as

            `signature.secret`; store it securely.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PartnerWebhookConfigResponse'
              example:
                url: https://client.example.com/webhooks/ochy
                enabled: true
                updated_at: '2026-03-23T10:45:00Z'
                signature:
                  enabled: true
                  algorithm: HMAC-SHA256
                  last4: n6p8
                  created_at: '2026-03-23T10:45:00Z'
                  updated_at: '2026-03-23T10:45:00Z'
                  secret: YOUR_GENERATED_SIGNING_SECRET
        '400':
          description: Invalid request body or URL.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '401':
          description: Missing API key.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthErrorResponse'
        '403':
          description: Invalid API key.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthErrorResponse'
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
components:
  schemas:
    PartnerWebhookConfigRequest:
      type: object
      required:
        - url
        - enabled
      properties:
        url:
          type: string
          format: uri
          description: HTTPS endpoint that will receive `POST` requests with JSON payloads.
          example: https://client.example.com/webhooks/ochy
        enabled:
          type: boolean
          description: When `false`, no webhook events are sent until set back to `true`.
          example: true
        signature:
          $ref: '#/components/schemas/PartnerWebhookSignatureRequest'
    PartnerWebhookConfigResponse:
      type: object
      description: >
        Returned by `GET /webhook` and `PUT /webhook`. When no webhook has been
        stored yet,

        `GET /webhook` returns an empty object. The full signing secret is only
        present in

        responses that generated or rotated it.
      properties:
        url:
          type: string
          format: uri
          description: Registered webhook URL.
          example: https://client.example.com/webhooks/ochy
        enabled:
          type: boolean
          description: Whether webhook delivery is enabled for this partner.
          example: true
        updated_at:
          type: string
          format: date-time
          description: When the configuration was last updated (ISO 8601 UTC).
          example: '2026-03-23T10:45:00Z'
        signature:
          $ref: '#/components/schemas/PartnerWebhookSignatureResponse'
    ErrorResponse:
      type: object
      properties:
        detail:
          type: string
          example: Internal server error
        code:
          type: string
          description: Machine-readable error code (present on some errors).
          example: insufficient_credits
    AuthErrorResponse:
      type: object
      properties:
        detail:
          type: string
          example: API Key is missing
    PartnerWebhookSignatureRequest:
      type: object
      description: Optional HMAC-SHA256 signature settings for webhook delivery.
      properties:
        enabled:
          type: boolean
          description: When `true`, Ochy signs webhook requests with HMAC-SHA256.
          example: true
    PartnerWebhookSignatureResponse:
      type: object
      description: >-
        Webhook signing configuration. The `secret` field is returned only when
        generated or rotated.
      properties:
        enabled:
          type: boolean
          description: Whether Ochy signs webhook requests.
          example: true
        algorithm:
          type: string
          description: Signature algorithm used for webhook requests.
          enum:
            - HMAC-SHA256
          example: HMAC-SHA256
        last4:
          type: string
          description: >-
            Last four characters of the current signing secret, for
            identification.
          example: n6p8
        created_at:
          type: string
          format: date-time
          description: When the current signing secret was created (ISO 8601 UTC).
          example: '2026-03-23T10:45:00Z'
        updated_at:
          type: string
          format: date-time
          description: When the signature configuration was last updated (ISO 8601 UTC).
          example: '2026-03-23T10:45:00Z'
        secret:
          type: string
          description: >-
            Full signing secret. Returned only when generated or rotated; store
            it securely.
          example: YOUR_GENERATED_SIGNING_SECRET
  securitySchemes:
    apiKey:
      type: apiKey
      in: query
      name: apiKey
      description: Your API key, passed as a query parameter on every request.

````