Register a webhook endpoint
Register a new HTTPS endpoint to receive Kallima events.
Returns the full Webhook object including the secret field —
the only time the raw signing secret is exposed. Store it immediately;
it cannot be recovered. To issue a new secret, call
PATCH /v1/webhooks/{id} with rotate_secret=true.
Signing. Every delivery carries a Kallima-Signature header with
the format t=<unix-ts>,v1=<hex-hmac-sha256>. Verify with:
hmac.compare_digest(expected_sig, received_sig) using
HMAC-SHA256("<secret>", "<timestamp>.<raw-body>").
Replay protection. Reject deliveries where t is more than 300
seconds old to defend against captured-and-replayed requests.
Cost: write — burns rate + quota.
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Body
Body for POST /v1/webhooks.
HTTPS endpoint Kallima will POST events to.
"https://your-service.example.com/webhooks/kallima"
Event types to subscribe to. null or empty list means all events. Example values: humanization.completed, structure_prediction.failed.
[
"humanization.completed",
"humanization.failed"
]
Whether deliveries are attempted immediately. Default true.
Response
Successful Response
Registered webhook endpoint.
Opaque webhook identifier (UUID).
"aaaa0001-bbbb-0002-cccc-000300040005"
HTTPS endpoint Kallima delivers events to.
"https://your-service.example.com/webhooks/kallima"
Whether deliveries are being attempted.
ISO-8601 creation timestamp (UTC).
ISO-8601 last-updated timestamp (UTC).
Polymorphic discriminator. Always webhook.
Subscribed event types. null means all events.
Webhook signing secret. Returned only at creation time — subsequent reads omit this field. Store it immediately; it cannot be recovered. Rotate via PATCH rotate_secret=true.
"whsec_AbCdEfGhIjKlMnOpQrStUvWx1234567890ABCDEF"