> ## Documentation Index > Fetch the complete documentation index at: https://developers.bspk.com/llms.txt > Use this file to discover all available pages before exploring further. # Creates a webhook endpoint > Creates a webhook endpoint. ## OpenAPI ````yaml /api-reference/platform_v1.json post /api/platform/v1/webhook_endpoints openapi: 3.0.3 info: title: PLATFORM API V1 version: 1.0.0 contact: name: BSPK API Support email: bspk-support@bspk.com description: >- # Introduction The BSPK RESTful JSON API gives you access to your company's BSPK data. For all BSPK API related questions please email: *bspk-support@bspk.com* ### Authentication BSPK uses Token-Based API Authentication. API keys can be managed from the API Keys section in your admin interface. All unauthenticated requests will return an HTTP 401 response. **Important:** Developers with BSPK API keys will be granted full access to the data in each endpoint. Access to this data is binary: everything or nothing. **Authorization header** Your `Authorization` header should be in the following format: ``` Authorization: Bearer [API_KEY] ``` ### Throttling API requests are limited to the amount specified in the returned `X-RateLimit-Limit` header (per 10 seconds). Exceeding that limit will cause BSPK to return an `HTTP 429` response. Check the `X-RateLimit-Limit` and `X-RateLimit-Remaining` headers to see how many more requests you are allowed until throttling kicks in. ### Error Codes - 400 - Bad Request. - 401 - Unauthorized – Invalid BSPK API key. - 404 - Not Found – Resource not found. - 422 - Unprocessable entity. - 429 - Throttle Limit reached. - 500 - BSPK Internal Server Error ### Validation Methods that take input will validate all parameters. Any parameter that fails validation will trigger an error response with status HTTP 422. The response body will be a JSON object like the example below which includes a list of fields that failed validation. `{'errors':[{'title': 'No clients found with IDs: [NON_EXISTING_ID, OTHER_NON_EXISTING_ID]','code':'not_found'}]}` ### Additional Information - Fields without a value will return null - Timestamps are rendered in ISO-8601 format (e.g. 2018-07-21T17:32:28Z) - BSPK reserves the right to add more properties to objects, but will never change or remove them. Any breaking changes will result in a major API version update. servers: - url: https://api.bspk.com description: Production security: - BearerAuth: [] paths: /api/platform/v1/webhook_endpoints: post: tags: - Webhooks summary: Creates a webhook endpoint description: Creates a webhook endpoint. operationId: createWebhookEndpoint parameters: [] requestBody: content: application/json: schema: type: object properties: target_url: type: string example: https://mycompany.com/incoming_webhooks/clients is_enabled: type: boolean description: >- When not specified it defaults to `true` thus enabling the endpoint. events: type: array description: >- List of events to subscribe to. Use `shopper.*` events for shopper notifications. `client.*` events are deprecated — use `shopper.*` instead. items: type: string enum: - shopper.created - shopper.updated - shopper.deleted - client.created - client.updated - client.deleted - file_import.finished - cart.created - metafield.created - metafield.updated - metafield.deleted example: - shopper.created - shopper.updated - shopper.deleted - file_import.finished required: - target_url - events - is_enabled responses: '201': description: Successful response, returns object content: application/json: example: id: 20 target_url: https://mycompany.com/incoming_webhooks/shoppers events: - shopper.created - shopper.updated - shopper.deleted is_enabled: true created_at: '2026-03-11T18:34:54.941Z' updated_at: '2026-03-11T18:34:54.941Z' secret: a625a98be58a621c29ffef103083d43e schema: $ref: '#/components/schemas/webhook_endpoint' security: - BearerAuth: [] components: schemas: webhook_endpoint: type: object description: >- Creates a webhook webdpoints allowing external backend systems to be notified wheneve the event occurs on BSPK. properties: id: type: integer description: >- Unique identifier of the store where the appointment was created (based on associate assignment) target_url: type: string description: >- Store name of where the appointment was created (based on associate assignment) events: type: array items: type: string example: - shopper.created - shopper.updated - shopper.deleted is_enabled: type: boolean description: >- Whether or not the webhoook endpoint is enabled. If `true` events will be sent to it, otherwise it will not. secret: type: string description: >- (Only returned while creating the endpoint). The secret that BSPK will send (via `X-Bspk-Secret` HTTP header) on every request to this endpoint so that your bakend can validate requests. created_at: type: string format: date_time description: Timestamp of when the webhook endpoint was created updated_at: type: string format: date_time description: Timestamp of when the webhook endpoint was last updated required: - id - target_url - events - is_enabled - created_at - updated_at securitySchemes: BearerAuth: type: http scheme: bearer ````