> ## Documentation Index
> Fetch the complete documentation index at: https://docs.easycred.co.in/llms.txt
> Use this file to discover all available pages before exploring further.

# Register Webhook



## OpenAPI

````yaml /api-reference/openapi.json post /api/v1/partner/webhooks
openapi: 3.1.0
info:
  title: EASYCRED Partner API
  version: 1.0.0
  description: >-
    EASYCRED-managed secure partner API. All requests require a Bearer API key
    plus HMAC request signing (X-Signature / X-Timestamp / X-Nonce). No raw
    customer PII is exposed by this version. Signing convention: the HMAC-SHA256
    is computed over method, path, timestamp, nonce and the raw request body.
    For GET requests (and any request with no body) the body component is the
    EMPTY string '' — sign over '' for those requests.
servers:
  - url: https://api.easycred.in
    description: Production
security:
  - bearerAuth: []
paths:
  /api/v1/partner/webhooks:
    post:
      summary: Register Webhook
      parameters:
        - name: X-Signature
          in: header
          required: true
          description: >-
            HMAC-SHA256 signature over method, path, timestamp, nonce and raw
            body.
          schema:
            type: string
        - name: X-Timestamp
          in: header
          required: true
          description: >-
            Unix epoch seconds. Requests outside the tolerance window are
            rejected.
          schema:
            type: string
        - name: X-Nonce
          in: header
          required: true
          description: Unique per-request nonce. Replays are rejected.
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/WebhookCreateRequest'
      responses:
        '201':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WebhookCreateResponse'
        '400':
          description: >-
            Invalid url (non-https / private host) or event types, or
            per-partner limit reached.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
        '401':
          description: >-
            Authentication failed (missing/invalid key, signature, or replayed
            nonce).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
        '403':
          description: Authenticated but missing the required scope / product access.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
        '429':
          description: Rate limit exceeded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiError'
      security:
        - bearerAuth:
            - webhooks:manage
components:
  schemas:
    WebhookCreateRequest:
      type: object
      properties:
        url:
          type: string
          format: uri
          description: HTTPS endpoint; must not target a private host/IP.
        events:
          type: array
          minItems: 1
          items:
            type: string
            enum:
              - journey.initiated
              - journey.updated
              - journey.completed
              - journey.rejected
              - journey.failed
      required:
        - url
        - events
    WebhookCreateResponse:
      type: object
      description: Returned on create. The plaintext `secret` is shown ONCE — store it now.
      properties:
        success:
          type: boolean
          const: true
        data:
          type: object
          properties:
            subscriptionId:
              type: string
            secret:
              type: string
              description: HMAC signing secret. Returned exactly once.
          required:
            - subscriptionId
            - secret
      required:
        - success
        - data
    ApiError:
      type: object
      properties:
        success:
          type: boolean
          const: false
        error:
          type: string
      required:
        - success
        - error
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >-
        API key of the form ec_(live|test)_<prefix>_<secret>. Scopes are listed
        per operation.

````