Skip to main content

Webhooks API

Register outbound webhook endpoints with HMAC signing Base path: /api/v1/webhooks Endpoint count: 2

List webhook endpoints

GET /api/v1/webhooks/
List all webhook endpoints for the tenant, cursor-paginated.
cursor
string
Opaque cursor for the next page (from previous response meta.pagination.cursor)
limit
integer
Number of items per page (1–200, default 25)
cURL
curl -X GET "https://api.orbit.devotel.io/api/v1/webhooks/" \
  -H "X-API-Key: dv_live_sk_your_key_here"
Node.js
import { Orbit } from '@devotel/orbit-sdk'

const orbit = new Orbit({
  apiKey: process.env.ORBIT_API_KEY!,
})

const res = await fetch('https://api.orbit.devotel.io/api/v1/webhooks/', {
  method: 'GET',
  headers: {
    'X-API-Key': process.env.ORBIT_API_KEY!,
  },
})
console.log(await res.json())
Python
import os, requests

headers = {"X-API-Key": os.environ["ORBIT_API_KEY"]}
r = requests.get("https://api.orbit.devotel.io/api/v1/webhooks/", headers=headers)
print(r.json())
Go
package main

import (
	"bytes"
	"net/http"
	"os"
)

func main() {
	req, _ := http.NewRequest("GET", "https://api.orbit.devotel.io/api/v1/webhooks/", nil)
	req.Header.Set("X-API-Key", os.Getenv("ORBIT_API_KEY"))

	http.DefaultClient.Do(req)
}
Ruby
require 'net/http'
require 'json'

uri = URI('https://api.orbit.devotel.io/api/v1/webhooks/')
req = Net::HTTP::Get.new(uri)
req['X-API-Key'] = ENV['ORBIT_API_KEY']


res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |h| h.request(req) }
puts res.body
PHP
<?php
$ch = curl_init('https://api.orbit.devotel.io/api/v1/webhooks/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
  'X-API-Key: ' . getenv('ORBIT_API_KEY'),

]);

echo curl_exec($ch);

Register a webhook endpoint

POST /api/v1/webhooks/
Register a webhook endpoint to receive event notifications. URL must be HTTPS and not target a private/loopback/link-local/CGNAT host (SSRF defense). Optional secret is used to compute the X-Devotel-Signature HMAC; if omitted, Devotel auto-generates one and returns it in the response (this is the only time the secret is returned in cleartext — it is encrypted at rest after).
url
string
required
HTTPS endpoint URL.
events
string[]
required
Subscribed event types. See WEBHOOK_EVENT_TYPES (e.g. message.delivered, call.completed, verification.approved).
secret
string
Optional shared secret. Used to verify the X-Devotel-Signature HMAC on every delivery.
active
boolean
Whether to start dispatching events immediately.
description
string
timeout_seconds
integer
Per-endpoint HTTP delivery timeout in seconds (1-30). The dispatcher aborts an in-flight delivery once this many seconds elapse. Defaults to 30 (the platform hard ceiling) when omitted.
retry_policy
object
cURL
curl -X POST "https://api.orbit.devotel.io/api/v1/webhooks/" \
  -H "X-API-Key: dv_live_sk_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
  "url": "https://yourapp.com/webhooks/orbit",
  "events": [
    "message.delivered",
    "message.failed",
    "call.completed"
  ]
}'
Node.js
import { Orbit } from '@devotel/orbit-sdk'

const orbit = new Orbit({
  apiKey: process.env.ORBIT_API_KEY!,
})

const res = await fetch('https://api.orbit.devotel.io/api/v1/webhooks/', {
  method: 'POST',
  headers: {
    'X-API-Key': process.env.ORBIT_API_KEY!,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
  "url": "https://yourapp.com/webhooks/orbit",
  "events": [
    "message.delivered",
    "message.failed",
    "call.completed"
  ]
}),
})
console.log(await res.json())
Python
import os, requests

headers = {"X-API-Key": os.environ["ORBIT_API_KEY"]}
headers["Content-Type"] = "application/json"
r = requests.post("https://api.orbit.devotel.io/api/v1/webhooks/", headers=headers, json={
  "url": "https://yourapp.com/webhooks/orbit",
  "events": [
    "message.delivered",
    "message.failed",
    "call.completed"
  ]
})
print(r.json())
Go
package main

import (
	"bytes"
	"net/http"
	"os"
)

func main() {
	req, _ := http.NewRequest("POST", "https://api.orbit.devotel.io/api/v1/webhooks/", bytes.NewBuffer([]byte(`{
  "url": "https://yourapp.com/webhooks/orbit",
  "events": [
    "message.delivered",
    "message.failed",
    "call.completed"
  ]
}`)))
	req.Header.Set("X-API-Key", os.Getenv("ORBIT_API_KEY"))
	req.Header.Set("Content-Type", "application/json")
	http.DefaultClient.Do(req)
}
Ruby
require 'net/http'
require 'json'

uri = URI('https://api.orbit.devotel.io/api/v1/webhooks/')
req = Net::HTTP::Post.new(uri)
req['X-API-Key'] = ENV['ORBIT_API_KEY']
req['Content-Type'] = 'application/json'
req.body = {
  "url": "https://yourapp.com/webhooks/orbit",
  "events": [
    "message.delivered",
    "message.failed",
    "call.completed"
  ]
}.to_json
res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |h| h.request(req) }
puts res.body
PHP
<?php
$ch = curl_init('https://api.orbit.devotel.io/api/v1/webhooks/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
  'X-API-Key: ' . getenv('ORBIT_API_KEY'),
  'Content-Type: application/json',
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, <<<JSON
{
  "url": "https://yourapp.com/webhooks/orbit",
  "events": [
    "message.delivered",
    "message.failed",
    "call.completed"
  ]
}
JSON);
echo curl_exec($ch);