Skip to content

Webhooks

The webhooks endpoints manage persistent endpoints that receive signed job.succeeded and job.failed events. For the event flow, payloads, and signature verification, see the Webhooks guide; this page is the CRUD reference.

MethodPathWhat it does
POST/v1/webhooksRegister an endpoint; returns the secret once
GET/v1/webhooksList your webhooks (without secrets)
DELETE/v1/webhooks/{id}Remove a webhook; delivery stops immediately
GET/v1/webhooks/{id}/deliveriesList delivery attempts for one webhook
Terminal window
curl "https://api.rolesapi.com/v1/webhooks" \
-H "Authorization: Bearer rk_live_your_key"

POST /v1/webhooks

ParameterInTypeRequiredDescription
urlbodystringYesHTTPS endpoint to deliver events to.
eventsbodystring[]NoAny of job.succeeded, job.failed. Default: both.
Terminal window
curl -X POST "https://api.rolesapi.com/v1/webhooks" \
-H "Authorization: Bearer rk_live_your_key" \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com/hooks/rolesapi", "events": ["job.succeeded", "job.failed"]}'
{
"data": {
"id": "wh_01habc",
"url": "https://example.com/hooks/rolesapi",
"events": ["job.succeeded", "job.failed"],
"secret": "whsec_9f2c4e6a8b0d1f3a5c7e9b2d4f6a8c0e",
"active": true,
"created_at": "2026-07-01T09:15:00Z"
},
"request_id": "req_0b3d55e7"
}

The secret appears only in this response. It is used to sign every delivery (x-rolesapi-signature); store it in a secrets manager immediately. It cannot be retrieved later — to get a new secret, delete the webhook and create another.

Errors: 400 invalid_request for a non-HTTPS URL or unknown event name.

GET /v1/webhooks

Returns your webhooks in the standard list envelope. The webhook object:

FieldTypeMeaning
idstringWebhook id, wh_....
urlstringDestination endpoint.
eventsstring[]Subscribed events.
activebooleanWhether deliveries are being attempted.
created_atstringISO 8601.
last_delivery_atstring or nullTime of the most recent delivery attempt.

The secret field is never included after creation.

DELETE /v1/webhooks/{id}

Terminal window
curl -X DELETE "https://api.rolesapi.com/v1/webhooks/wh_01habc" \
-H "Authorization: Bearer rk_live_your_key"

Deletion is immediate — no further deliveries are attempted, including retries of past failures. 404 not_found if the id does not exist on your account.

GET /v1/webhooks/{id}/deliveries

Lists delivery attempts, newest first, with limit/offset pagination. Use it to debug an endpoint that is not receiving events.

{
"data": [
{
"id": "whd_01hdef",
"webhook_id": "wh_01habc",
"event": "job.succeeded",
"status": "succeeded",
"attempt": 2,
"response_status": 200,
"created_at": "2026-07-01T09:33:05Z"
},
{
"id": "whd_01hdee",
"webhook_id": "wh_01habc",
"event": "job.succeeded",
"status": "failed",
"attempt": 1,
"response_status": 503,
"created_at": "2026-07-01T09:32:41Z"
}
],
"meta": { "total": 2, "count": 2, "limit": 50, "offset": 0, "has_more": false },
"request_id": "req_7f19c30a"
}
FieldTypeMeaning
idstringDelivery id, whd_....
eventstringjob.succeeded or job.failed.
statusstringsucceeded (2xx received) or failed.
attemptinteger1 for the first try, incrementing on each retry.
response_statusinteger or nullHTTP status your endpoint returned; null on timeout.
created_atstringWhen the attempt was made.

Failed deliveries are retried with increasing delay; each retry appears as a new record with a higher attempt. Make handlers idempotent — a slow 2xx can race a retry and produce duplicates.

RolesAPI is not affiliated with, endorsed by, or sponsored by Indeed, Inc. Indeed is a registered trademark of Indeed, Inc. RolesAPI provides access to publicly available data via a stable REST API.