Register webhook - Hellgate Cloud Platform

POST

api

webhooks

curl --request POST \
  --url https://api.eu1.hellgate.cloud/api/webhooks \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "url": "https://your-backend.example.com/hooks/account-information"
}
'

{
  "id": "2b3c4d5e-6f7a-4b8c-9d0e-1f2a3b4c5d6e",
  "created_at": "2026-06-22T09:55:00Z",
  "url": "https://your-backend.example.com/hooks/account-information",
  "signing_secret": "whsec_9f8e7d6c5b4a3f2e1d0c"
}

Authorizations

Authorization

string

header

required

An Account Information–scoped OAuth2 access token obtained from the platform Authentication API. Send it as a bearer token on every request.

Body

application/json

url

string<uri>

required

The HTTPS endpoint that receives event notifications.

Example:

"https://your-backend.example.com/hooks/account-information"

Response

The webhook was registered.

string<uuid>

required

The unique identifier for the webhook.

Example:

"2b3c4d5e-6f7a-4b8c-9d0e-1f2a3b4c5d6e"

created_at

string<date-time>

required

When the webhook was registered.

Example:

"2026-06-22T09:55:00Z"

url

string<uri>

required

The registered endpoint.

Example:

"https://your-backend.example.com/hooks/account-information"

signing_secret

string

required

The signing secret, returned only once. Store it securely and use it to verify the x-hmac-signature on every delivery.

Example:

"whsec_9f8e7d6c5b4a3f2e1d0c"

Event notificationThe platform delivers events to your registered webhook endpoint using a shared envelope: `id`, `created_at`, `type`, `reason`, and a `related_object` you can fetch for the detail. The `type` field identifies the event. The events documented here are the Account Information Service's `ais.*` events, sent when an account-check session reaches a terminal state: - On `ais.completed`, `related_object` references the account information record — fetch it with **Get account information**. - On a failure event, `related_object` references the session. Every delivery is signed with `x-hmac-signature` (HMAC-SHA256 over the raw body, keyed by your `signing_secret`); verify it before trusting the payload.

⌘I

curl --request POST \
  --url https://api.eu1.hellgate.cloud/api/webhooks \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "url": "https://your-backend.example.com/hooks/account-information"
}
'

{
  "id": "2b3c4d5e-6f7a-4b8c-9d0e-1f2a3b4c5d6e",
  "created_at": "2026-06-22T09:55:00Z",
  "url": "https://your-backend.example.com/hooks/account-information",
  "signing_secret": "whsec_9f8e7d6c5b4a3f2e1d0c"
}