Register a webhook endpoint

POST

apps

{id}

webhooks

curl --request POST \
  --url https://api.alakazam.gg/v1/apps/{id}/webhooks \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "url": "<string>",
  "events": [
    "<string>"
  ]
}
'

{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "url": "<string>",
  "events": [
    "<string>"
  ],
  "enabled": true,
  "created_at": "2023-11-07T05:31:56Z",
  "secret": "whsec_…"
}

Authorizations

Authorization

string

header

required

A Supabase user access token (for app/key management).

Path Parameters

string<uuid>

required

Body

application/json

url

string<uri>

required

HTTPS URL to deliver events to (http is rejected).

events

string[]

Event types to subscribe to. The currently-delivered events are world.generation.succeeded and world.generation.failed; session.ended is reserved and not yet emitted.

Response

Endpoint created (secret shown once)

Returned ONCE at creation. The secret (prefixed whsec_) is unrecoverable afterward — store it now.

string<uuid>

url

string<uri>

events

string[]

enabled

boolean

created_at

string<date-time>

secret

string

Signing secret used to verify the Alakazam-Signature header. Shown only once.

Example:

"whsec_…"

Delete a webhook endpoint

⌘I

curl --request POST \
  --url https://api.alakazam.gg/v1/apps/{id}/webhooks \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "url": "<string>",
  "events": [
    "<string>"
  ]
}
'

{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "url": "<string>",
  "events": [
    "<string>"
  ],
  "enabled": true,
  "created_at": "2023-11-07T05:31:56Z",
  "secret": "whsec_…"
}