> ## Documentation Index
> Fetch the complete documentation index at: https://developers.vendaze.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a webhook

> Creates a new webhook.

<Accordion title="Required scope">
`webhooks:manage`
</Accordion>



## OpenAPI

````yaml /en/api-reference/openapi.json post /v1/webhooks
openapi: 3.1.0
info:
  title: OAuth 2.1
  description: Endpoints for registering applications and managing OAuth 2.1 tokens.
  version: 1.0.0
  contact:
    name: Vendaze Support
    email: suporte@vendaze.com
servers:
  - url: https://api.vendaze.com
    description: Production
security:
  - bearerAuth: []
tags:
  - name: OAuth
  - name: People
  - name: Companies
  - name: Deals
  - name: Tasks
  - name: Task Types
  - name: Products
  - name: Tags
  - name: Lists
  - name: Custom Fields
  - name: Webhooks
paths:
  /v1/webhooks:
    post:
      tags:
        - Webhooks
      summary: Create a webhook
      description: |-
        Creates a new webhook.

        <Accordion title="Required scope">
        `webhooks:manage`
        </Accordion>
      operationId: createWebhook
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateWebhookRequest'
      responses:
        '201':
          description: Webhook created successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WebhookResponse'
              example:
                data:
                  id: wh_3f9a1c8b2d4e5f6a7b8c9d0e1f2a3b4c
                  name: My webhook
                  url: https://myapp.com/webhooks/vendaze
                  events:
                    - person.created
                    - deal.won
                  auth_enable: true
                  webhook_secret: >-
                    whsec_3f9a1c8b2d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0
                  created_at: '2026-05-26T14:00:00.000Z'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/InsufficientScope'
        '422':
          $ref: '#/components/responses/ValidationError'
        '429':
          $ref: '#/components/responses/RateLimitExceeded'
        '500':
          $ref: '#/components/responses/InternalError'
components:
  schemas:
    CreateWebhookRequest:
      type: object
      required:
        - name
        - url
        - events
      properties:
        name:
          type: string
          minLength: 1
          maxLength: 100
          description: Descriptive name for the webhook.
          example: My webhook
        url:
          type: string
          format: uri
          description: HTTPS destination URL. HTTP is not accepted.
          example: https://myapp.com/webhooks/vendaze
        events:
          type: array
          items:
            $ref: '#/components/schemas/WebhookEvent'
          minItems: 1
          description: List of events to subscribe to.
          example:
            - person.created
            - deal.won
        auth_enable:
          type: boolean
          default: false
          description: >-
            Enables signed deliveries. When `true`, a `webhook_secret` is
            generated and returned in the response.
          example: true
    WebhookResponse:
      type: object
      properties:
        data:
          $ref: '#/components/schemas/Webhook'
    WebhookEvent:
      type: string
      enum:
        - person.created
        - person.updated
        - person.deleted
        - activity.created
        - activity.updated
        - activity.deleted
        - company.created
        - company.updated
        - company.deleted
        - deal.created
        - deal.updated
        - deal.stage_changed
        - deal.won
        - deal.lost
        - deal.deleted
        - task.created
        - task.updated
        - task.completed
        - task.deleted
        - tag.created
        - tag.updated
        - tag.deleted
        - product.created
        - product.updated
        - product.deleted
        - pipeline.created
        - pipeline.updated
        - pipeline.deleted
        - member_invited
        - member_joined
        - member_removed
        - usage_logs.created
      description: A valid webhook event name.
    Webhook:
      type: object
      properties:
        id:
          type: string
          description: Unique webhook identifier.
          example: wh_3f9a1c8b2d4e5f6a7b8c9d0e1f2a3b4c
        name:
          type: string
          description: Descriptive name for the webhook.
          example: My webhook
        url:
          type: string
          format: uri
          description: HTTPS destination URL for deliveries.
          example: https://myapp.com/webhooks/vendaze
        events:
          type: array
          items:
            $ref: '#/components/schemas/WebhookEvent'
          description: List of subscribed event names.
          example:
            - person.created
            - deal.won
        auth_enable:
          type: boolean
          description: >-
            When `true`, every delivery includes a `Webhook-Signature` header
            signed with `webhook_secret`.
          example: true
        webhook_secret:
          type: string
          nullable: true
          description: >-
            Present when `auth_enable` is `true`. Use to verify the
            `Webhook-Signature` header on every delivery. Format: `whsec_`
            followed by 64 hex characters.
          example: >-
            whsec_3f9a1c8b2d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0
        created_at:
          type: string
          format: date-time
          description: ISO 8601 UTC timestamp of when the webhook was created.
          example: '2026-05-26T14:00:00.000Z'
    ErrorResponse:
      type: object
      properties:
        error:
          type: object
          properties:
            code:
              type: string
            message:
              type: string
            request_id:
              type: string
              format: uuid
    ValidationErrorResponse:
      type: object
      properties:
        error:
          type: object
          properties:
            code:
              type: string
              example: validation_error
            message:
              type: string
              example: Validation failed.
            fields:
              type: object
              additionalProperties:
                type: string
            request_id:
              type: string
              format: uuid
  responses:
    BadRequest:
      description: 'Malformed request body or empty update. Error code: `bad_request`.'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            error:
              code: bad_request
              message: Request body must be valid JSON.
              request_id: 550e8400-e29b-41d4-a716-446655440000
    Unauthorized:
      description: >-
        Token missing, invalid, or expired. Possible error codes:
        `unauthorized`, `token_expired`.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            error:
              code: unauthorized
              message: Missing or invalid Authorization header.
              request_id: 550e8400-e29b-41d4-a716-446655440000
    InsufficientScope:
      description: 'Token lacks the required scope. Error code: `insufficient_scope`.'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            error:
              code: insufficient_scope
              message: This endpoint requires the 'webhooks:read' scope.
              request_id: 550e8400-e29b-41d4-a716-446655440000
    ValidationError:
      description: >-
        Input validation failed. Error code: `validation_error`. The `fields`
        object maps each invalid field to a description of the problem.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ValidationErrorResponse'
          example:
            error:
              code: validation_error
              message: Validation failed.
              fields:
                url: url must use HTTPS.
                events: At least one event is required.
              request_id: 550e8400-e29b-41d4-a716-446655440000
    RateLimitExceeded:
      description: 'Rate limit exceeded. Error code: `rate_limit_exceeded`.'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            error:
              code: rate_limit_exceeded
              message: Rate limit exceeded. Try again in 60 seconds.
              request_id: 550e8400-e29b-41d4-a716-446655440000
    InternalError:
      description: 'Unexpected server error. Error code: `internal_error`.'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            error:
              code: internal_error
              message: An unexpected error occurred.
              request_id: 550e8400-e29b-41d4-a716-446655440000
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: OAuth 2.1 access token.

````