Create Webhook
Endpoint: POST /webhooks
Body
| Name | Type | Required | Description |
|---|---|---|---|
url | string | Yes | Must be HTTPS and cannot target private/internal addresses. |
events | string[] | Yes | Any of: post.published, post.failed, post.partial. |
workspace_id | string | No | Team account scope. |
Response
Returns webhook metadata and secret once:
{
"data": {
"id": "uuid",
"url": "https://example.com/webhooks/postixly",
"events": ["post.published", "post.failed"],
"active": true,
"created_at": "2026-03-23T18:00:00.000Z",
"secret": "returned_once_only"
}
}Delivery headers
When events are delivered, the worker sends:
X-Social-Publisher-EventX-Social-Publisher-Signature: sha256=<hmac>
Signature is HMAC-SHA256 over the raw JSON body using the webhook secret.