Skip to main content
GET
/
apps
/
{client_id}
/
webhook_config
curl -H "Authorization: Bearer sk_workspace_test_..." \
  "https://sandbox.api.hopae.com/connect/v1/apps/abc123/webhook_config"

{
  "url": "https://hooks.example.com/hopae",
  "enabled": true,
  "retryAttempts": 3,
  "timeoutSeconds": 10,
  "secret": "",
  "events": [
    "verification.initiated",
    "verification.completed",
    "verification.awaiting_user_action",
    "verification.failed",
    "verification.expired",
    "verification.cancelled"
  ],
  "_id": "69c645e5756d7730ebef70ba"
}

Documentation Index

Fetch the complete documentation index at: https://docs.hopae.com/llms.txt

Use this file to discover all available pages before exploring further.

Returns the webhook delivery configuration for an app.

Request

Authorization
string
required
Bearer <API_KEY> from Console > Developers > Workspace API Keys.

Path parameters

client_id
string
required
Client identifier of the app.

Response

url
string
Destination URL for webhook delivery.
enabled
boolean
Whether webhooks are sent.
retryAttempts
number
Stored configuration value. The delivery pipeline currently uses a workspace-wide default (3 attempts at 1s / 5s / 30s) rather than this per-app value. Per-app override is on the roadmap.
timeoutSeconds
number
Stored configuration value. The delivery pipeline currently uses a workspace-wide default (10s). Per-app override is on the roadmap.
secret
string
Webhook signing secret.
events
string[]
Subscribed webhook events. See the Webhook Event Types reference for the full list. Common values: verification.created, verification.completed, verification.failed, verification.session.timed_out, verification.workflow.cancelled.
_id
string
Webhook config identifier.
curl -H "Authorization: Bearer sk_workspace_test_..." \
  "https://sandbox.api.hopae.com/connect/v1/apps/abc123/webhook_config"

{
  "url": "https://hooks.example.com/hopae",
  "enabled": true,
  "retryAttempts": 3,
  "timeoutSeconds": 10,
  "secret": "",
  "events": [
    "verification.initiated",
    "verification.completed",
    "verification.awaiting_user_action",
    "verification.failed",
    "verification.expired",
    "verification.cancelled"
  ],
  "_id": "69c645e5756d7730ebef70ba"
}
Webhooks are signed via HMAC-SHA256 using the app’s webhook secret. Each delivery includes an X-Hopae-Signature header in the format t=<unix-timestamp>,v1=<hex-hmac-sha256>. See the Webhook Signature Verification guide for verification code and replay-protection recommendations.