Middesk APIWebhooks

Create a webhook

Authentication

AuthorizationBearer

Bearer authentication of the form Bearer <token>, where token is your auth token.

Request

This endpoint expects an object.
urlstringRequired
Webhook endpoint URL
enabled_eventslist of stringsRequired

Array of event types to subscribe to, or [”*”] for all events

secretstringOptional
Secret for webhook signature verification
includestringOptional

Comma-delimited list of associations to include in webhook payloads. Omit or set to ”*” for all. Use “identifiers” to receive only top-level scalar fields (id, external_id, name, status, etc.) with no associations.

oidc_auth_methodenumOptional
OIDC authentication method for obtaining access tokens. Required when configuring OIDC. 'private_key_jwt' — requires oidc_client_id, oidc_token_endpoint, oidc_access_token_ttl_seconds. 'client_secret' — requires oidc_client_id, oidc_client_secret, oidc_token_endpoint, oidc_access_token_ttl_seconds. Both methods optionally accept oidc_scope and oidc_resource_uri.
Allowed values:
oidc_client_idstringOptional
OIDC client ID. Required for both auth methods.
oidc_client_secretstringOptional

OIDC client secret. Required when oidc_auth_method is ‘client_secret’. Write-only; never returned in responses.

oidc_token_endpointstringOptional
OIDC token endpoint URL. Required for both auth methods.
oidc_resource_uristringOptional

Optional. OIDC resource URI (Microsoft-specific; use oidc_scope for standard OAuth 2.0).

oidc_scopestringOptional

Optional. OAuth 2.0 scope for the token request (e.g. “api://<app-id>/.default”).

oidc_access_token_ttl_secondsintegerOptional
OIDC access token TTL in seconds. Required for both auth methods.

Response

webhook created with wildcard events

Errors

422
Create Webhook Request Unprocessable Entity Error