# Create a new webhook

Creates a webhook for receiving callbacks on specific triggers.
You can create up to 5 webhooks per app.

Endpoint: POST /v1/projects/{project_id}/webhooks
Version: 1.0
Security: Basic, oAuth2

## Path parameters:

  - `project_id` (string, required)
    The unique ID of the project. You can find this on the Sinch Dashboard.

## Request fields (application/json):

  - `target` (string, required)
    The target url where events should be sent to.
Maximum URL length is 742.
The conversation-api.*.sinch.com subdomains are forbidden.

  - `app_id` (string, required)
    The app that this webhook belongs to.

  - `client_credentials` (object)
    Optional. Used for OAuth2 authentication.

  - `client_credentials.client_id` (string, required)
    The Client ID that will be used in the OAuth2 Client Credentials flow.

  - `client_credentials.client_secret` (string, required)
    The Client Secret that will be used in the OAuth2 Client Credentials flow.

  - `client_credentials.endpoint` (string, required)
    The endpoint that will be used in the OAuth2 Client Credentials flow. Expected to return a JSON with an access token and expires_in value (in seconds). The expires_in value, which must be a minimum of 30 seconds and a maximum of 3600 seconds, is how long Sinch will save the access token before asking for a new one.

  - `client_credentials.scope` (string)
    Optional. Space-separated string per RFC 6749. Used to limit the access granted by the token.
Max length: 1024 characters.
If blank or omitted, this is not included in the token request.

  - `client_credentials.response_type` (string)
    Optional. When granting client_credentials, this is generally omitted. If you do provide a value, it will be forwarded to your OAuth provider as-is.
Max length: 64 characters.

  - `client_credentials.token_request_type` (string)
    Optional. Controls how client_id and client_secret are sent to the token endpoint. Either BASIC or FORM. If not set or unrecognized, BASIC is used by default.
    Enum: "BASIC", "FORM"

  - `secret` (string)
    Optional secret be used to sign contents of webhooks sent by the Conversation API.
You can then use the secret to verify the signature.

  - `target_type` (string)
    Enum: "DISMISS", "HTTP"

  - `triggers` (array)
    An array of triggers that should trigger the webhook and result in an
event being sent to the target url.
Refer to the list of [Webhook Triggers](https://developers.sinch.com/docs/conversation/callbacks/#webhook-triggers)
for a complete list.
    Enum: "UNSPECIFIED_TRIGGER", "MESSAGE_DELIVERY", "EVENT_DELIVERY", "MESSAGE_INBOUND", "EVENT_INBOUND", "CONVERSATION_START", "CONVERSATION_STOP", "CONTACT_CREATE", "CONTACT_DELETE", "CONTACT_MERGE", "CONTACT_UPDATE", "UNSUPPORTED", "OPT_IN", "OPT_OUT", "CAPABILITY", "CONVERSATION_DELETE", "CONTACT_IDENTITIES_DUPLICATION", "CHANNEL_EVENT", "SMART_CONVERSATION", "MESSAGE_INBOUND_SMART_CONVERSATION_REDACTION", "RECORD_NOTIFICATION", "MESSAGE_SUBMIT"

## Response 200 fields (application/json):

  - `target` (string, required)
    The target url where events should be sent to.
Maximum URL length is 742.
The conversation-api.*.sinch.com subdomains are forbidden.

  - `app_id` (string)
    The app that this webhook belongs to.

  - `client_credentials` (object)
    Optional. Used for OAuth2 authentication.

  - `client_credentials.client_id` (string, required)
    The Client ID that will be used in the OAuth2 Client Credentials flow.

  - `client_credentials.client_secret` (string, required)
    The Client Secret that will be used in the OAuth2 Client Credentials flow.

  - `client_credentials.endpoint` (string, required)
    The endpoint that will be used in the OAuth2 Client Credentials flow. Expected to return a JSON with an access token and expires_in value (in seconds). The expires_in value, which must be a minimum of 30 seconds and a maximum of 3600 seconds, is how long Sinch will save the access token before asking for a new one.

  - `client_credentials.scope` (string)
    Optional. Space-separated string per RFC 6749. Used to limit the access granted by the token.
Max length: 1024 characters.
If blank or omitted, this is not included in the token request.

  - `client_credentials.response_type` (string)
    Optional. When granting client_credentials, this is generally omitted. If you do provide a value, it will be forwarded to your OAuth provider as-is.
Max length: 64 characters.

  - `client_credentials.token_request_type` (string)
    Optional. Controls how client_id and client_secret are sent to the token endpoint. Either BASIC or FORM. If not set or unrecognized, BASIC is used by default.
    Enum: "BASIC", "FORM"

  - `id` (string)
    The ID of the webhook.

  - `secret` (string)
    Optional secret be used to sign contents of webhooks sent by the Conversation API.
You can then use the secret to verify the signature.

  - `target_type` (string)
    Enum: "DISMISS", "HTTP"

  - `triggers` (array)
    An array of triggers that should trigger the webhook and result in an
event being sent to the target url.
Refer to the list of [Webhook Triggers](https://developers.sinch.com/docs/conversation/callbacks/#webhook-triggers)
for a complete list.
    Enum: "UNSPECIFIED_TRIGGER", "MESSAGE_DELIVERY", "EVENT_DELIVERY", "MESSAGE_INBOUND", "EVENT_INBOUND", "CONVERSATION_START", "CONVERSATION_STOP", "CONTACT_CREATE", "CONTACT_DELETE", "CONTACT_MERGE", "CONTACT_UPDATE", "UNSUPPORTED", "OPT_IN", "OPT_OUT", "CAPABILITY", "CONVERSATION_DELETE", "CONTACT_IDENTITIES_DUPLICATION", "CHANNEL_EVENT", "SMART_CONVERSATION", "MESSAGE_INBOUND_SMART_CONVERSATION_REDACTION", "RECORD_NOTIFICATION", "MESSAGE_SUBMIT"

## Response 400 fields (application/json):

  - `error` (object)

  - `error.code` (integer)

  - `error.details` (array)

  - `error.details.type_url` (string)

  - `error.details.value` (string)

  - `error.message` (string)

  - `error.status` (string)

## Response 403 fields (application/json):

  - `error` (object)

  - `error.code` (integer)

  - `error.details` (array)

  - `error.details.type_url` (string)

  - `error.details.value` (string)

  - `error.message` (string)

  - `error.status` (string)

## Response 500 fields (application/json):

  - `error` (object)

  - `error.code` (integer)

  - `error.details` (array)

  - `error.details.type_url` (string)

  - `error.details.value` (string)

  - `error.message` (string)

  - `error.status` (string)

## Response 501 fields (application/json):

  - `error` (object)

  - `error.code` (integer)

  - `error.details` (array)

  - `error.details.type_url` (string)

  - `error.details.value` (string)

  - `error.message` (string)

  - `error.status` (string)