> ## Documentation Index
> Fetch the complete documentation index at: https://torpedo.co.mz/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Create webhook

> Registers an HTTPS endpoint to receive event notifications.
The `signingSecret` is returned **once only** — use it to verify
the `X-Signature` header on incoming requests (HMAC-SHA256).




## OpenAPI

````yaml /openapi.yaml post /api/v1/webhooks
openapi: 3.0.3
info:
  title: Torpedo API
  version: '1.0'
  description: |
    Torpedo is a transactional email API built for developers.
    Send emails from your own verified domain with a single HTTP call.
  contact:
    email: support@torpedo.co.mz
  termsOfService: https://torpedo.co.mz/terms
servers:
  - url: https://api.torpedo.co.mz
    description: Production
security:
  - ApiKeyAuth: []
paths:
  /api/v1/webhooks:
    post:
      tags:
        - Webhooks
      summary: Create webhook
      description: |
        Registers an HTTPS endpoint to receive event notifications.
        The `signingSecret` is returned **once only** — use it to verify
        the `X-Signature` header on incoming requests (HMAC-SHA256).
      operationId: createWebhook
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - url
                - events
              properties:
                url:
                  type: string
                  format: uri
                  description: Must be an HTTPS URL
                  example: https://myapp.com/webhooks/torpedo
                events:
                  type: array
                  minItems: 1
                  items:
                    type: string
                    enum:
                      - email.delivered
                      - email.bounced
                      - email.complained
                      - email.failed
                      - domain.verified
                      - domain.failed
                  example:
                    - email.delivered
                    - email.bounced
                    - email.failed
      responses:
        '201':
          description: Webhook created — store the signingSecret now
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    allOf:
                      - $ref: '#/components/schemas/Webhook'
                      - type: object
                        properties:
                          signingSecret:
                            type: string
                            description: HMAC-SHA256 signing secret — returned once only
                            example: a3f2c1...
        '402':
          description: Webhook limit reached for your plan
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
components:
  schemas:
    Webhook:
      type: object
      properties:
        id:
          type: string
          format: uuid
        url:
          type: string
          format: uri
          example: https://myapp.com/webhooks/torpedo
        events:
          type: array
          items:
            type: string
          example:
            - email.delivered
            - email.bounced
        createdAt:
          type: string
          format: date-time
        lastDeliveryAt:
          type: string
          format: date-time
          nullable: true
        lastFailureAt:
          type: string
          format: date-time
          nullable: true
        lastFailureReason:
          type: string
          nullable: true
    Error:
      type: object
      properties:
        errors:
          type: array
          items:
            type: object
            properties:
              message:
                type: string
                example: Domain not verified
              field:
                type: string
                example: from
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
      description: |
        Prefix `tor_` followed by a base64url-encoded random key.
        Obtain one from `POST /api/v1/workspaces` or `POST /api/v1/auth/keys`.

````