Skip to main content
POST
/
webhooks
Create a webhook
curl --request POST \
  --url https://api.polygon.technology/v0.9/webhooks \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'Idempotency-Key: <idempotency-key>' \
  --data '
{
  "url": "<string>",
  "events": [
    "<string>"
  ]
}
'
{
  "complianceOnly": true,
  "createdAt": "2023-11-07T05:31:56Z",
  "enabled": true,
  "events": [
    "<string>"
  ],
  "id": "<string>",
  "secret": "<string>",
  "url": "<string>"
}

Authorizations

Authorization
string
header
required

Token from POST /auth/token

Headers

Idempotency-Key
string
required

Required on POST and PUT requests. Use a unique value per logical mutation attempt, for example a UUID.

Body

application/json
url
string
required

HTTPS endpoint URL. HTTP is only accepted in local/sandbox mode.

events
string[]

Event types to subscribe to. Omit the field, pass [], ["*"], or ["ALL"] to subscribe to all events. Specific event type strings must match the catalog in the webhook delivery documentation.

Response

201 - application/json

The request has succeeded and a new resource has been created as a result.

complianceOnly
boolean
required

When true, this endpoint receives compliance-only events (e.g. underReview) that are excluded from all regular partner webhooks (AML no-tipping-off). Can only be set via the admin API.

createdAt
string<date-time>

ISO 8601 UTC timestamp of when the webhook was registered.

enabled
boolean

Whether OMS is actively delivering events to this endpoint. Set to false to pause deliveries without deleting the endpoint. OMS also sets this to false automatically if the endpoint returns 410 Gone.

events
string[]

Event types this endpoint subscribes to. An empty array means the endpoint receives all event types (wildcard). See the event catalog in the webhook delivery documentation for the full list of valid values.

id
string

Unique webhook identifier. Uses the whk_ prefix.

object
enum<string>

Resource type discriminator. Always "webhook".

Available options:
webhook
secret
string

Signing secret used to verify the Webhook-Signature header on incoming deliveries. Uses the whsec_ prefix (32 cryptographically random bytes, hex-encoded). Returned only on creation - it cannot be retrieved afterward. Store it in your secrets manager immediately.

status
enum<string>
Available options:
active,
disabled
url
string

HTTPS endpoint that OMS delivers event payloads to.