Skip to main content
PUT
/
webhook
/
endpoints
/
ensure
Ensure Webhook Endpoint
curl --request PUT \
  --url https://uat-api.clinkbill.com/api/webhook/endpoints/ensure \
  --header 'Content-Type: application/json' \
  --header 'X-API-KEY: <api-key>' \
  --header 'X-Timestamp: <api-key>' \
  --data '
{
  "url": "https://example.com/api/clink/webhook",
  "events": [
    "session.complete",
    "order.succeeded"
  ],
  "description": "Created through the API",
  "enabled": true,
  "returnSigningSecret": true,
  "rotateSecretIfUnavailable": true,
  "rotateSecret": false
}
'
{
  "code": 200,
  "msg": "Success",
  "data": {
    "endpoint": {
      "id": "whk_xxxxx",
      "url": "https://example.com/api/clink/webhook",
      "events": [
        "session.complete",
        "order.succeeded"
      ],
      "enabled": true,
      "signingSecret": "whsec_xxxxx",
      "maskedSigningSecret": "whsec_...abcd",
      "description": "Created through the API",
      "createdAt": 1782112780956,
      "updatedAt": 1782113780956
    },
    "signingSecretAvailable": true,
    "signingSecretUnavailableReason": "EXISTING_SECRET_NOT_RETURNABLE",
    "nextAction": "CALL_ROTATE_SECRET_OR_RETRY_ENSURE_WITH_ROTATE_SECRET_IF_UNAVAILABLE"
  }
}

Authorizations

X-API-KEY
string
header
required

Your secret API key obtained from the Clink dashboard (Developers section)

X-Timestamp
string
header
required

Current timestamp in milliseconds since Unix epoch (required for request signing)

Body

application/json
url
string<uri>
required

HTTPS endpoint URL. Used as the idempotency key for this merchant.

Maximum string length: 512
Example:

"https://example.com/api/clink/webhook"

events
enum<string>[]
required

Event names to subscribe to. Numeric event codes are not accepted.

Minimum array length: 1

Supported webhook event name. Public API requests use event names, not numeric event codes.

Available options:
order.created,
order.succeeded,
order.failed,
refund.created,
refund.succeeded,
refund.failed,
subscription.created,
subscription.trialing,
subscription.activated,
subscription.incomplete_expired,
subscription.past_due,
subscription.cancelled,
invoice.open,
invoice.paid,
invoice.void,
order.next_action,
subscription.updated.plan_changed,
subscription.updated.plan_change_canceled,
subscription.updated.renewed,
subscription.updated.cancel_at_period_end_set,
subscription.updated.cancel_at_period_end_revoked,
session.complete,
session.expired,
dispute.created,
dispute.updated,
dispute.won,
dispute.lost,
dispute.closed,
customer.verify,
payment_method.added,
payment_method.default_change,
risk_rule.updated,
agent_order.succeeded,
agent_order.failed,
agent_refund.succeeded,
agent_refund.failed,
agent_refund.approved,
agent_refund.rejected,
payment_method.update,
purchase_instruction.created,
purchase_instruction.activated,
purchase_instruction.updated,
purchase_instruction.cancelled,
vic_device.binding_succeeded
Example:
["session.complete", "order.succeeded"]
description
string

Optional endpoint description.

Maximum string length: 512
Example:

"Created through the API"

enabled
boolean
default:true

Whether the endpoint is enabled.

returnSigningSecret
boolean

Whether the caller wants a plaintext signingSecret when available.

rotateSecretIfUnavailable
boolean

If true, rotate the existing secret when the stored secret cannot be returned as plaintext.

rotateSecret
boolean

If true, always rotate the signing secret for an existing endpoint.

Response

Webhook endpoint ensured successfully

Body of the response message

code
integer<int32>

Response status code, 200 when success

Example:

200

msg
string

Brief description of what happened, 'success' when happy case

Example:

"Success"

data
object