Creates a new webhook subscription.

Usage Example

POST /api/v1/webhooks
{
  "url": "https://your-server.com/webhooks/propstreet",
  "events": ["contact.created", "contact.updated", "contact.deleted"],
  "name": "CRM Sync Webhook"
}

Important

  • The secret is only returned once during creation. Store it securely.
  • The secret uses the whsec_ prefix followed by base64-encoded key material.
  • The URL must be HTTPS.
  • Use the secret to verify webhook signatures per the Standard Webhooks spec.

Signature Verification (Python example)

import hmac, hashlib, base64

def verify_signature(payload, msg_id, timestamp, signature, secret):
    # Decode secret (strip whsec_ prefix, base64-decode)
    key = base64.b64decode(secret[6:] if secret.startswith('whsec_') else secret)
    # Construct signed payload: {msg_id}.{timestamp}.{payload}
    signed = f"{msg_id}.{timestamp}.{payload}"
    computed = base64.b64encode(hmac.new(key, signed.encode(), hashlib.sha256).digest()).decode()
    expected = signature.split(',')[1]  # Parse v1,{base64} format
    return hmac.compare_digest(computed, expected)

See the Webhooks Guide for full documentation.

Body·
required

Webhook configuration

Request to create a new webhook.

  • events
    Type: array string[]
    required

    List of event types to subscribe to. Valid values: contact.created, contact.updated, contact.deleted, company.created, company.updated, company.deleted, link.created, link.updated, link.deleted, project.created, project.updated, project.deleted, prospect.created, prospect.updated, prospect.deleted

  • url
    Type: string
    required

    The HTTPS URL where webhook payloads will be delivered.

  • name
    Type: null | string

    Optional human-readable name for the webhook.

Responses
  • application/json
  • application/problem+json
  • application/problem+json
  • application/problem+json
Request Example for post/api/v1/webhooks
curl https://app.propstreet.com/api/v1/webhooks \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --data '{
  "url": "",
  "events": [
    ""
  ],
  "name": null
}'

{
  "secret": "string",
  "id": "string",
  "url": "string",
  "events": [
    "string"
  ],
  "name": null,
  "status": "string",
  "createdUtc": "2026-05-18T20:22:36.959Z",
  "updatedUtc": null
}

Webhook created successfully

Propstreet API Documentation