Skip to main content
Manage your webhook endpoints programmatically through the /v1/webhooks API. All endpoints require authentication with your API key.

Create an endpoint

Register a new webhook endpoint. You’ll receive a signing secret in the response — store it securely, as it’s only shown once.
curl -X POST https://api.yoshi.ai/v1/webhooks/endpoints \
  -H "Authorization: Bearer yoshi_3xK9mP..." \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com/webhooks/yoshi",
    "description": "Production webhook handler",
    "filter_types": ["transaction.created", "account.connected"]
  }'
{
  "data": {
    "id": "ep_a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "url": "https://example.com/webhooks/yoshi",
    "description": "Production webhook handler",
    "filter_types": ["transaction.created", "account.connected"],
    "status": "active",
    "secret": "whsec_REPLACE_WITH_YOUR_SIGNING_SECRET",
    "created_at": "2026-04-10T12:00:00.000Z"
  },
  "meta": {
    "request_id": "req_a1b2c3d4",
    "timestamp": "2026-04-10T12:00:00.000Z"
  }
}
ParameterTypeRequiredDescription
urlstringYesHTTPS URL where events will be delivered.
descriptionstringNoHuman-readable label for the endpoint. Max 256 characters.
filter_typesstring[]NoEvent types to subscribe to. Empty array or omitted means all events. See the event catalog.
The secret field is only included in the create response. Store it immediately in a secure location like an environment variable or secrets manager. If you lose it, you can rotate to get a new one.
Limits: You can register up to 5 active endpoints per API key. URLs must use HTTPS.

List endpoints

curl https://api.yoshi.ai/v1/webhooks/endpoints \
  -H "Authorization: Bearer yoshi_3xK9mP..."
{
  "data": {
    "endpoints": [
      {
        "id": "ep_a1b2c3d4-e5f6-7890-abcd-ef1234567890",
        "url": "https://example.com/webhooks/yoshi",
        "description": "Production webhook handler",
        "filter_types": ["transaction.created", "account.connected"],
        "status": "active",
        "created_at": "2026-04-10T12:00:00.000Z",
        "updated_at": "2026-04-10T12:00:00.000Z"
      }
    ]
  },
  "meta": {
    "request_id": "req_a1b2c3d4",
    "timestamp": "2026-04-10T12:00:00.000Z"
  }
}

Get an endpoint

curl https://api.yoshi.ai/v1/webhooks/endpoints/{endpoint_id} \
  -H "Authorization: Bearer yoshi_3xK9mP..."

Update an endpoint

Update the URL, description, event filters, or status of an existing endpoint. Only include the fields you want to change.
curl -X PUT https://api.yoshi.ai/v1/webhooks/endpoints/{endpoint_id} \
  -H "Authorization: Bearer yoshi_3xK9mP..." \
  -H "Content-Type: application/json" \
  -d '{
    "description": "Updated production handler",
    "filter_types": ["transaction.created", "balance.updated"],
    "status": "active"
  }'
ParameterTypeDescription
urlstringNew HTTPS URL.
descriptionstring | nullUpdated description, or null to clear.
filter_typesstring[]Updated event type filter. Empty array means all events.
statusstring"active" or "disabled".

Delete an endpoint

Permanently remove a webhook endpoint. This immediately stops all future deliveries to this URL.
curl -X DELETE https://api.yoshi.ai/v1/webhooks/endpoints/{endpoint_id} \
  -H "Authorization: Bearer yoshi_3xK9mP..."
{
  "data": {
    "deleted": true
  },
  "meta": {
    "request_id": "req_a1b2c3d4",
    "timestamp": "2026-04-10T12:00:00.000Z"
  }
}

Rotate signing secret

Generate a new signing secret for an endpoint. During the rotation window, both the old and new secrets are valid — see the verification guide for handling this.
curl -X POST https://api.yoshi.ai/v1/webhooks/endpoints/{endpoint_id}/rotate \
  -H "Authorization: Bearer yoshi_3xK9mP..."
{
  "data": {
    "secret": "whsec_REPLACE_WITH_YOUR_ROTATED_SECRET"
  },
  "meta": {
    "request_id": "req_a1b2c3d4",
    "timestamp": "2026-04-10T12:00:00.000Z"
  }
}
Store the new secret immediately. Like the initial secret, it is only returned once.

List event types

Get all available event types that you can subscribe to:
curl https://api.yoshi.ai/v1/webhooks/events \
  -H "Authorization: Bearer yoshi_3xK9mP..."
{
  "data": {
    "event_types": [
      { "type": "account.connected", "description": "A new financial account was linked." },
      { "type": "account.disconnected", "description": "Account access was revoked." },
      { "type": "transaction.created", "description": "New transaction(s) synced from institution." },
      { "type": "balance.updated", "description": "Account balance refreshed." },
      { "type": "score.updated", "description": "Financial health scores recalculated." }
    ]
  },
  "meta": {
    "request_id": "req_a1b2c3d4",
    "timestamp": "2026-04-10T12:00:00.000Z"
  }
}
For full payload examples, see the event catalog.

API reference

MethodEndpointDescription
POST/v1/webhooks/endpointsCreate a webhook endpoint
GET/v1/webhooks/endpointsList all endpoints
GET/v1/webhooks/endpoints/{id}Get endpoint details
PUT/v1/webhooks/endpoints/{id}Update an endpoint
DELETE/v1/webhooks/endpoints/{id}Delete an endpoint
POST/v1/webhooks/endpoints/{id}/testSend a test event
POST/v1/webhooks/endpoints/{id}/rotateRotate signing secret
GET/v1/webhooks/eventsList available event types
GET/v1/webhooks/deliveriesList delivery attempts
GET/v1/webhooks/portalGet self-service portal URL
Last modified on April 22, 2026