POST
/
v1
/
webhook-endpoints
curl https://api.geldstuck.com/v1/webhook-endpoints \
  -H "x-api-key: $GELDSTUCK_PUBLIC_KEY" \
  -H "x-api-secret: $GELDSTUCK_SECRET_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://api.acme.com/webhooks/geldstuck",
    "events": ["kyc.*", "transaction.*"],
    "description": "Prod receiver"
  }'

{
  "id": "wh_01HX3ZY...",
  "url": "https://api.acme.com/webhooks/geldstuck",
  "events": ["kyc.*", "transaction.*"],
  "status": "active",
  "secret": "whsec_endpoint_xS...",
  "description": "Prod receiver",
  "createdAt": "2026-04-22T13:00:00.000Z"
}

Body

url
string
required
HTTPS URL. HTTP is rejected.
events
array
required
Array of event types or patterns. Supports *, prefix.*, or exact matches.
description
string
Human-readable label.
disabled
boolean
default:"false"
Create in disabled state for staging. You can flip this later.

Returns

The endpoint object, with a secret field (shown once) you can use to verify signatures for this specific endpoint. If omitted, the tenant-wide webhook secret is used. 
curl https://api.geldstuck.com/v1/webhook-endpoints \
  -H "x-api-key: $GELDSTUCK_PUBLIC_KEY" \
  -H "x-api-secret: $GELDSTUCK_SECRET_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://api.acme.com/webhooks/geldstuck",
    "events": ["kyc.*", "transaction.*"],
    "description": "Prod receiver"
  }'

{
  "id": "wh_01HX3ZY...",
  "url": "https://api.acme.com/webhooks/geldstuck",
  "events": ["kyc.*", "transaction.*"],
  "status": "active",
  "secret": "whsec_endpoint_xS...",
  "description": "Prod receiver",
  "createdAt": "2026-04-22T13:00:00.000Z"
}