PLATFORM RC-75 Webhooks (v1) — event signing + delivery log contract (contract) (v1)

Download OpenAPI specification:

Contract-only webhook endpoint registry and delivery log contracts. This document does not imply a runtime backend implementation.

Signing headers (outbound delivery, v1):

X-Zex-Event-Id: immutable business event id (uuid)
X-Zex-Delivery-Id: unique id per delivery attempt (uuid)
X-Zex-Timestamp: unix seconds (UTC)
X-Zex-Signature: v1= where is lowercase hex HMAC-SHA256 over: {timestamp}.{raw_body}
X-Zex-Signature-Version: v1

Replay protection (contract): reject if timestamp skew exceeds 5 minutes (default; configurable later).

Create webhook endpoint (idempotent)

header Parameters

X-Correlation-Id required	string
X-Idempotency-Key required	string

Request Body schema: application/json
required

url required	string
description	string or null
requested_by	string or null

Responses

Request samples

Payload

Content type

application/json

{"url": "string",
"description": "string",
"requested_by": "string"
}

Response samples

200

Content type

application/json

Example

WebhookEndpointWriteApplied

{"outcome": "APPLIED",
"reason_code": "string",
"endpoint": {"endpoint_id": "e9ce0d4f-d433-423d-9497-4c000544106c",
"url": "string",
"status": "active",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
},
"secret": {"secret_id": "9e739c43-5a0b-4293-91b3-7c10894ec3f4",
"secret": "string",
"rotated_at": "2019-08-24T14:15:22Z"
},
"correlation_id": "string",
"idempotency_key": "string",
"audit_event_id": "string"
}

List webhook endpoints (metadata only)

header Parameters

X-Correlation-Id

required

string

Responses

Response samples

200

Content type

application/json

{"endpoints": [{"endpoint_id": "e9ce0d4f-d433-423d-9497-4c000544106c",
"url": "string",
"status": "active",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
],
"correlation_id": "string",
"audit_event_id": "string"
}

Rotate webhook signing secret (idempotent)

path Parameters

endpoint_id

required

string

header Parameters

X-Correlation-Id required	string
X-Idempotency-Key required	string

Request Body schema: application/json
optional

reason	string or null
requested_by	string or null

Responses

Request samples

Payload

Content type

application/json

{"reason": "string",
"requested_by": "string"
}

Response samples

200

Content type

application/json

Example

WebhookEndpointWriteApplied

{"outcome": "APPLIED",
"reason_code": "string",
"endpoint": {"endpoint_id": "e9ce0d4f-d433-423d-9497-4c000544106c",
"url": "string",
"status": "active",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
},
"secret": {"secret_id": "9e739c43-5a0b-4293-91b3-7c10894ec3f4",
"secret": "string",
"rotated_at": "2019-08-24T14:15:22Z"
},
"correlation_id": "string",
"idempotency_key": "string",
"audit_event_id": "string"
}

Disable webhook endpoint (idempotent)

path Parameters

endpoint_id

required

string

header Parameters

X-Correlation-Id required	string
X-Idempotency-Key required	string

Request Body schema: application/json
optional

reason	string or null
requested_by	string or null

Responses

Request samples

Payload

Content type

application/json

{"reason": "string",
"requested_by": "string"
}

Response samples

200

Content type

application/json

Example

WebhookEndpointWriteApplied

{"outcome": "APPLIED",
"reason_code": "string",
"endpoint": {"endpoint_id": "e9ce0d4f-d433-423d-9497-4c000544106c",
"url": "string",
"status": "active",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
},
"secret": {"secret_id": "9e739c43-5a0b-4293-91b3-7c10894ec3f4",
"secret": "string",
"rotated_at": "2019-08-24T14:15:22Z"
},
"correlation_id": "string",
"idempotency_key": "string",
"audit_event_id": "string"
}

List delivery attempts (metadata only)

header Parameters

X-Correlation-Id

required

string

Responses

Response samples

200

Content type

application/json

{"deliveries": [{"delivery_id": "9892f438-d31c-4ff2-bc84-146525b292ff",
"endpoint_id": "e9ce0d4f-d433-423d-9497-4c000544106c",
"event_id": "a7a26ff2-e851-45b6-9634-d595f45458b7",
"attempt_number": 1,
"status": "queued",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"http_status": 0,
"error_code": "string",
"next_retry_at": "2019-08-24T14:15:22Z"
}
],
"correlation_id": "string",
"audit_event_id": "string"
}

Delivery attempt detail (metadata only)

path Parameters

delivery_id

required

string

header Parameters

X-Correlation-Id

required

string

Responses

Response samples

200

Content type

application/json

{"delivery": {"delivery_id": "9892f438-d31c-4ff2-bc84-146525b292ff",
"endpoint_id": "e9ce0d4f-d433-423d-9497-4c000544106c",
"event_id": "a7a26ff2-e851-45b6-9634-d595f45458b7",
"attempt_number": 1,
"status": "queued",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"http_status": 0,
"error_code": "string",
"next_retry_at": "2019-08-24T14:15:22Z"
},
"correlation_id": "string",
"audit_event_id": "string"
}

PLATFORM RC-75 Webhooks (v1) — event signing + delivery log contract (contract) (v1)

Create webhook endpoint (idempotent)

header Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

List webhook endpoints (metadata only)

header Parameters

Responses

Response samples

Rotate webhook signing secret (idempotent)

path Parameters

header Parameters

Request Body schema: application/jsonoptional

Responses

Request samples

Response samples

Disable webhook endpoint (idempotent)

path Parameters

header Parameters

Request Body schema: application/jsonoptional

Responses

Request samples

Response samples

List delivery attempts (metadata only)

header Parameters

Responses

Response samples

Delivery attempt detail (metadata only)

path Parameters

header Parameters

Responses

Response samples

Request Body schema: application/json
required

Request Body schema: application/json
optional

Request Body schema: application/json
optional