Skip to main content
POST
/
v1
/
webhook_endpoints
Create a webhook endpoint
curl --request POST \
  --url https://api.newinvoice.dev/v1/webhook_endpoints \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "url": "https://example.com/webhooks/invoice",
  "enabled_events": [
    "invoice.stamped",
    "invoice.cancelled"
  ],
  "metadata": {
    "team": "billing"
  }
}
'
import requests

url = "https://api.newinvoice.dev/v1/webhook_endpoints"

payload = {
"url": "https://example.com/webhooks/invoice",
"enabled_events": ["invoice.stamped", "invoice.cancelled"],
"metadata": { "team": "billing" }
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
url: 'https://example.com/webhooks/invoice',
enabled_events: ['invoice.stamped', 'invoice.cancelled'],
metadata: {team: 'billing'}
})
};

fetch('https://api.newinvoice.dev/v1/webhook_endpoints', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://api.newinvoice.dev/v1/webhook_endpoints",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'url' => 'https://example.com/webhooks/invoice',
'enabled_events' => [
'invoice.stamped',
'invoice.cancelled'
],
'metadata' => [
'team' => 'billing'
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://api.newinvoice.dev/v1/webhook_endpoints"

payload := strings.NewReader("{\n \"url\": \"https://example.com/webhooks/invoice\",\n \"enabled_events\": [\n \"invoice.stamped\",\n \"invoice.cancelled\"\n ],\n \"metadata\": {\n \"team\": \"billing\"\n }\n}")

req, _ := http.NewRequest("POST", url, payload)

req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://api.newinvoice.dev/v1/webhook_endpoints")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"url\": \"https://example.com/webhooks/invoice\",\n \"enabled_events\": [\n \"invoice.stamped\",\n \"invoice.cancelled\"\n ],\n \"metadata\": {\n \"team\": \"billing\"\n }\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("https://api.newinvoice.dev/v1/webhook_endpoints")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"url\": \"https://example.com/webhooks/invoice\",\n \"enabled_events\": [\n \"invoice.stamped\",\n \"invoice.cancelled\"\n ],\n \"metadata\": {\n \"team\": \"billing\"\n }\n}"

response = http.request(request)
puts response.read_body
{
  "object": "webhook_endpoint",
  "id": "obj_2P9K3sample",
  "url": "https://example.com/webhooks/invoice",
  "enabled_events": [
    "string"
  ],
  "enabled": true,
  "connect": true,
  "livemode": false,
  "metadata": {},
  "created_at": "2026-07-10T18:25:43Z",
  "updated_at": "2026-07-10T18:25:43Z",
  "secret": "string"
}
{
"type": "https://errors.invoiceapi.mx/auth_unauthorized",
"title": "Authentication required",
"status": 401,
"code": "auth.unauthorized",
"detail": "Missing or invalid API key.",
"remediation": "Send `Authorization: Bearer sk_test_...` (or sk_live_...) with a valid API key.",
"doc_url": "/docs/errors#auth-unauthorized",
"request_id": "req_2P9K3sample"
}
{
"type": "https://errors.invoiceapi.mx/idempotency_key_reuse",
"title": "Idempotency-Key reused with a different request body",
"status": 409,
"code": "idempotency.key_reuse",
"detail": "This Idempotency-Key was already used for a different payload.",
"remediation": "Reuse an Idempotency-Key only for byte-identical retries; use a fresh key otherwise.",
"doc_url": "/docs/errors#idempotency-key_reuse",
"request_id": "req_2P9K3sample"
}
{
"type": "https://errors.invoiceapi.mx/request_validation_failed",
"title": "Request validation failed",
"status": 422,
"code": "request.validation_failed",
"detail": "One or more fields did not satisfy the schema.",
"remediation": "Fix the fields listed in `errors` and resubmit.",
"doc_url": "/docs/errors#request-validation_failed",
"request_id": "req_2P9K3sample"
}
{
"type": "https://errors.invoiceapi.mx/rate_limit_exceeded",
"title": "Rate limit exceeded",
"status": 429,
"code": "rate_limit.exceeded",
"detail": "Too many requests for this key + request class (reads and writes are limited separately).",
"remediation": "Back off and retry after the number of seconds in the Retry-After header; batch work or lower your request rate.",
"doc_url": "/docs/errors#rate_limit-exceeded",
"request_id": "req_2P9K3sample"
}
{
"type": "https://errors.invoiceapi.mx/internal_error",
"title": "Internal server error",
"status": 500,
"code": "internal.error",
"detail": "An unexpected error occurred.",
"remediation": "Retry later; contact support with the request_id if it persists.",
"doc_url": "/docs/errors#internal-error",
"request_id": "req_2P9K3sample"
}

Authorizations

Authorization
string
header
required

API key: Authorization: Bearer sk_test_... or sk_live_....

Headers

Invoice-Version
string

Pin a dated API release (Stripe-style). Omit to use the current version. An unknown value returns 400 request.invalid_version. Echoed back on every response.

Example:

"2026-07-10"

Invoice-Account
string

Connect: act on behalf of one of your connected accounts (its acct_…/org_… id). Omit to act as your own organization. Not honored on /v1/api_keys.

Example:

"org_2P9connectedacct"

Idempotency-Key
string

Safely retry any POST. The first response is stored for 24h and replayed byte-for-byte for identical retries (the replay adds an idempotent-replayed: true header). Reusing the key with a different body is 409 idempotency.key_reuse; an in-flight duplicate is 409 idempotency.key_processing. This makes retrying a 502/429 safe — no duplicate stamp.

Example:

"a1b2c3d4-e5f6-4789-8abc-1234567890ab"

Body

application/json
url
string<uri>
required

HTTPS URL that receives event POSTs, e.g. "https://example.com/webhooks/invoice".

enabled_events
string[]

Event types to deliver: "" (all), a namespace wildcard like "invoice.", or exact types like "invoice.stamped". Default ["*"].

Minimum array length: 1
connect
boolean
default:false

Connect: when true (on a platform org), also receive events from ALL connected accounts. Each delivery's account field names which one. Default false.

metadata
object

Integrator-owned key-value map (≤50 keys), stored and echoed back verbatim.

Response

Default Response

object
enum<string>
required

Always "webhook_endpoint".

Available options:
webhook_endpoint
id
string
required

Webhook endpoint id, e.g. "we_2P9K3sample".

url
string
required

HTTPS URL events are delivered to.

enabled_events
string[]
required

Subscribed event types ("*", namespace wildcards, or exact types).

enabled
boolean
required

False when the endpoint is paused (disabled).

connect
boolean
required

True when this endpoint also receives connected-account events.

livemode
boolean
required

True if created with a live-mode key.

metadata
object
required

Integrator-owned key-value map echoed back.

created_at
string
required

Creation timestamp, ISO-8601 UTC.

updated_at
string
required

Last-update timestamp, ISO-8601 UTC.

secret
string
required

Signing secret ("whsec_…") for verifying delivery signatures — shown exactly once at creation.