> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ledgersyncappv2.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Webhook delivery volume, success rate, and latency

> Aggregated webhook-attempt stats over the requested window.
Returns total deliveries, success vs failure counts, p95
end-to-end latency (event creation to attempted delivery), and
the top failing event types (top 10 by failure count).




## OpenAPI

````yaml /openapi.yaml get /metrics/webhook-delivery
openapi: 3.1.0
info:
  title: LedgerSync API
  version: '2026-05-22'
  summary: A modern REST API for connecting bank accounts and pulling financial data
  description: >
    > **First time here?** The [**Getting started**
    guide](https://portal.ledgersyncappv2.com/dashboard/getting-started) walks
    the full integration end-to-end (about 15 minutes). This page is the
    endpoint reference for after you've read it.


    Welcome. This is LedgerSync's API for connecting your users' bank

    accounts and pulling their transactions, statements, and account

    details.


    Everything is JSON over HTTPS. Errors are easy to read. Webhooks

    fire as state changes. Sandbox is one key away.


    ## Connection lifecycle and the two `connection.id` formats


    A Connection's `id` changes shape once the user finishes linking

    their bank — there are two distinct identifiers, and you must

    only use the canonical one to read accounts, transactions, or

    statements.


    1. **Placeholder id (pending state).** `POST /v3/clients/{id}/connections`
       returns `202 Accepted`. The initiate operation first surfaces
       a `connection_with_action` result whose embedded
       `connection.id` is a UUID-prefixed placeholder of the form
       `con_<uuid>` (e.g. `con_01HXYZ8A6N7K2W9PQ4T5Z3V6E0`), paired
       with a `widget_url`. The placeholder is **not** a valid id for
       any other endpoint — calling
       `GET /v3/connections/{placeholder_uuid}` returns
       `400 Bad Request` with `missing source separator`. Treat it as
       opaque routing state for the widget step only.
    2. **Canonical id (active state).** Once the user finishes the
       widget and the source pushes its first callback, the
       connection moves to `status=active` and the
       `connection.active` webhook fires. From that point on every
       surface — `GET /v3/clients/{id}/connections`,
       `GET /v3/connections/{id}`, the webhook payload, and the
       `connection.initiate` operation when re-polled — reports the
       canonical id `con_<SOURCE>_<bankAccountId>` (for example
       `con_FINICITY_41294`, `con_MX_1224`). **This** is the id every
       other endpoint accepts (`/accounts`, `/transactions`,
       `/statements`, refresh, delete).

    The correct integration pattern is therefore:


    - Initiate the connection, capture `operation_id`.

    - Poll `GET /v3/operations/{operation_id}` (or wait for the
      `connection.active` webhook) until `status=succeeded`.
    - Read `result.connection.id` **from the succeeded operation** —
      that is the canonical id. Store it; do not store the
      placeholder.

    Do not try to `GET /v3/connections/{placeholder_uuid}` during the

    pending window. Listing endpoints

    (`GET /v3/clients/{id}/connections`, `GET /v3/connections/{id}`)

    only ever return canonical ids, because they only surface

    connections that have reached `active`.


    ## Quick start


    Mint a sandbox key in the developer portal, then create your first

    **Client** (your end-user — the person whose bank we'll be reading):


    ```bash

    curl \
      https://api-sandbox.ledgersyncappv2.com/v3/clients \
      -H "Authorization: Bearer sk_test_..." \
      -H "Content-Type: application/json" \
      -d '{"email":"alice@example.com","name":"Alice"}'
    ```


    You'll get back a `Client` object with an `id`. From there the

    full flow is:


    1. **Register a webhook** at `POST /v3/webhooks/subscriptions` so
       you can be notified when the connection progresses.
    2. **Initiate a connection** at
       `POST /v3/clients/{id}/connections` with an `institution_id`
       from `GET /v3/institutions`. LedgerSync's router picks the
       underlying source. Every source hands back a `widget_url` in
       the `connection.requires_action` result — for FDE it points at
       a LedgerSync-hosted connect page where credentials are entered,
       never sent to the API.
    3. **Open the widget URL** in your user's browser. They pick
       their bank, log in, and choose accounts to share.
    4. **Receive `connection.active`** on your webhook URL. List
       accounts and transactions.

    **Don't want to build your own bank picker?** Skip steps 2–3: call

    `POST /v3/clients/{id}/connect-session` to get a LedgerSync-hosted

    link, and email it to your member. They open it, search for their

    own bank, pick it, and connect it — all on a page we host, with no

    `institution_id` needed up front. You still receive

    `connection.active` on your webhook exactly as above. Revoke a link

    at any time with `DELETE /v3/clients/{id}/connect-session/{sid}`.

    (This is the v3 replacement for the old `account/add/lite` widget.)


    Want a step-by-step walkthrough with curl per step plus a sandbox

    shortcut that skips the widget? Read the

    [Getting started
    guide](https://portal.ledgersyncappv2.com/dashboard/getting-started).


    ## Authentication


    Pass your secret key in the `Authorization` header as a Bearer

    token: `Authorization: Bearer sk_test_...` (sandbox) or

    `Bearer sk_live_...` (production). Treat secret keys like

    passwords — never embed them in mobile apps or front-end code.


    ## Conventions


    **Sync vs async.** Most endpoints respond synchronously — you

    get the resource back right away. A handful of flows are

    genuinely async (initiating a bank connection, extracting a

    statement, generating a verification report); those return

    `202 Accepted`

    with an `operation_id` you can poll, and the matching webhook

    fires when the work finishes.


    **Errors.** Every error is `{ "error": { "code", "message", "doc_url",
    "type" } }`.

    Branch on `code`. Click `doc_url` for the troubleshooting page.

    Every response carries an `X-LS-Trace-Id` header — paste it in

    support tickets and we can jump straight to your request.


    **Webhooks.** Every delivery carries `X-LS-Webhook-Signature`,

    computed over the **raw request body** with HMAC-SHA256. Verify

    it before trusting the payload. Full event catalog + signature

    example on the [Webhooks tab](#webhooks).


    ## Need help?


    Email [support@ledgersync.com](mailto:support@ledgersync.com) or

    open a thread in the developer portal. Quote the `X-LS-Trace-Id`

    from your response — it makes everything faster.
  contact:
    name: LedgerSync Developer Support
    email: support@ledgersync.com
    url: https://portal.ledgersyncappv2.com
  license:
    name: Proprietary
    url: https://ledgersync.com/terms
servers:
  - url: https://api-sandbox.ledgersyncappv2.com/v3
    description: >-
      Sandbox — use `sk_test_...` keys from the developer portal. Routes to the
      real Finicity and MX sandbox banks (FinBank, mxbank) via the same
      connector code paths as production.
  - url: https://api.ledgersyncappv2.com/v3
    description: >-
      Production — use `sk_live_...` keys. Hits real banks via Finicity, MX, or
      FDE depending on the connection.
security:
  - bearer: []
tags:
  - name: Clients
    description: |
      A **Client** is the end-user whose bank accounts you're managing
      — usually a real person or business. You create one Client per
      user before linking any accounts. Pass your own
      `external_id` to join Clients back to records in your system.
  - name: Connections
    description: |
      A **Connection** links a Client to a bank or financial-data
      source (Finicity, MX, or FDE). One Client can have many
      Connections — one per bank they've linked. You initiate a
      Connection, the user finishes it (widget or MFA), and a
      `connection.active` webhook tells you when it's ready.
  - name: Accounts
    description: |
      Once a Connection goes active, the bank's accounts (checking,
      savings, credit, loans) show up here. Use these endpoints to
      list, inspect, and refresh them.
  - name: Transactions
    description: |
      Posted transactions and pending charges for an account. New
      transactions are surfaced by a future push-delivery event for
      transactions after each refresh; you can also list/page them
      directly.
  - name: Statements
    description: |
      Period statements (usually monthly PDFs) the bank publishes.
      For FDE-sourced statements, extracted line items are attached
      after OCR completes.
  - name: Operations
    description: |
      The handful of LedgerSync calls that genuinely run asynchronously
      return an `operation_id`. Poll it here, or just listen for the
      matching webhook — your call.
  - name: Webhooks
    description: |
      Manage where LedgerSync delivers event notifications. Each
      subscription has its own HMAC signing secret. Rotate it whenever
      you want — the old secret stays valid for 24 hours so deploys
      don't break verification.
  - name: ApiKeys
    description: |
      Create, list, and revoke API keys. Keys are scoped to one
      environment (sandbox or live). The plaintext secret is returned
      exactly once at creation — store it somewhere safe.
  - name: Institutions
    description: |
      The unified v3 institution catalog. Search by name; pick a row;
      pass its `id` to `POST /clients/{client_id}/connections`.
      LedgerSync's router decides which underlying source (Finicity,
      MX) to use — integrators don't pick a source.
  - name: Settings
    description: |
      Account-level settings the integrator manages once per environment.
      Currently exposes the redirect-URL allowlist consulted at
      `/connections/initiate`. Same scope as Stripe Connect / Plaid Link /
      OAuth — register your app's redirect URIs once, not per end-user.
  - name: Sandbox
    description: |
      Sandbox-only helpers. Use `GET /sandbox/institutions` to list
      the sandbox-eligible test banks you can target when creating a
      sandbox connection (Finicity FinBank, MX `mxbank`, FDE test
      extractors). Lifecycle transitions and webhooks come from the
      same real connector paths as live traffic — no synthetic
      lifecycle driver, no replay fixtures. Drive the widget with
      the public test bank credentials documented in the developer
      portal.
  - name: Metrics
    description: |
      Read-only aggregations powering the developer portal's "Metrics"
      page. Every endpoint is scoped to the authenticated principal's
      customer and environment — `sandbox` and `live` data never mix
      across the wire. Default window when `from`/`to` are omitted is
      the last 30 days (max 366).
  - name: Health
    description: A simple liveness probe. No auth required.
  - name: PortalGating
    description: |
      Developer-portal access-request endpoints (sandbox + live gating).
      These are HMAC-signed calls from the LedgerSync portal to v3 and not
      part of the integrator-facing API surface. Documented here so the
      single spec stays authoritative.
paths:
  /metrics/webhook-delivery:
    get:
      tags:
        - Metrics
      summary: Webhook delivery volume, success rate, and latency
      description: |
        Aggregated webhook-attempt stats over the requested window.
        Returns total deliveries, success vs failure counts, p95
        end-to-end latency (event creation to attempted delivery), and
        the top failing event types (top 10 by failure count).
      operationId: getMetricsWebhookDelivery
      parameters:
        - $ref: '#/components/parameters/MetricsFrom'
        - $ref: '#/components/parameters/MetricsTo'
      responses:
        '200':
          description: Aggregated webhook-delivery stats.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WebhookDeliveryResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        5XX:
          $ref: '#/components/responses/ServerError'
components:
  parameters:
    MetricsFrom:
      name: from
      in: query
      required: false
      description: |
        Inclusive lower bound (ISO-8601 timestamp). Defaults to
        `now - 30 days` when omitted.
      schema:
        type: string
        format: date-time
    MetricsTo:
      name: to
      in: query
      required: false
      description: |
        Exclusive upper bound (ISO-8601 timestamp). Defaults to `now`
        when omitted.
      schema:
        type: string
        format: date-time
  schemas:
    WebhookDeliveryResponse:
      type: object
      required:
        - total_deliveries
        - success_count
        - failure_count
        - p95_latency_ms
        - failures_by_event
      properties:
        total_deliveries:
          type: integer
          format: int64
          minimum: 0
        success_count:
          type: integer
          format: int64
          minimum: 0
        failure_count:
          type: integer
          format: int64
          minimum: 0
        p95_latency_ms:
          type: number
          minimum: 0
          description: |
            Latency proxy: `attempted_at - webhook_event.created_at`,
            in milliseconds. The attempt row carries no per-attempt
            duration today; this is the closest available signal.
        failures_by_event:
          type: array
          items:
            $ref: '#/components/schemas/WebhookFailureSlice'
    WebhookFailureSlice:
      type: object
      required:
        - event_type
        - count
      properties:
        event_type:
          type: string
        count:
          type: integer
          format: int64
          minimum: 0
    ErrorEnvelope:
      type: object
      description: |
        Error envelope returned as the top-level body of every non-2xx
        HTTP response. The actual error payload lives in the `error`
        field — branch on `error.code`.
      required:
        - error
      properties:
        error:
          $ref: '#/components/schemas/ErrorInfo'
    ErrorInfo:
      type: object
      description: |
        The inner error payload. Used as the top-level body of an
        HTTP error response (wrapped in `ErrorEnvelope`) and as the
        embedded `error` field on resources that record a failure
        (like `Operation.error`).
      required:
        - code
        - message
        - type
      properties:
        code:
          type: string
          description: |
            Stable machine-readable identifier. Branch on this in
            your code, not on `message`.
          example: unknown_api_key
        message:
          type: string
          description: Plain-English explanation safe to log.
          example: The API key you presented doesn't match any active key.
        doc_url:
          type: string
          format: uri
          description: |
            Link to the docs page for this specific error code.
            Shareable with teammates in support tickets.
          example: https://portal.ledgersyncappv2.com/errors/unknown_api_key
        type:
          type: string
          description: |
            Stripe-style broad failure-mode category — useful for
            "treat all of these the same way" branches. Derived
            from the HTTP status. Orthogonal to `category`, which
            classifies by origin.
          enum:
            - auth_error
            - invalid_request
            - rate_limit_error
            - idempotency_error
            - not_found
            - api_error
          example: auth_error
        category:
          type: string
          description: |
            Plaid-style coarse classification by origin. Branch on
            this for routing logic — retry the request, surface to
            the end user in the widget, or page on-call. Orthogonal
            to `type` (which is HTTP-status-derived).
          enum:
            - AUTH_ERROR
            - INSTITUTION_ERROR
            - CAPABILITY_UNAVAILABLE
            - CONNECTION_ERROR
            - RATE_LIMIT
            - INVALID_REQUEST
            - RESOURCE_NOT_FOUND
            - PLATFORM_ERROR
          example: AUTH_ERROR
        is_user_actionable:
          type: boolean
          description: |
            True when the end user can resolve this error (re-enter
            credentials, complete MFA, accept an updated
            agreement). False when the error requires
            institution-side or LS platform-side action. Useful for
            deciding whether to send the end user back to the
            widget or surface an "operational issue" banner.
          example: true
        source_diagnostic_code:
          type: string
          pattern: ^(FIN|MX|FDE)-[A-Z0-9_]+$
          description: |
            Opaque upstream-source diagnostic identifier (e.g.
            `FIN-103`, `MX-DENIED`). Present only on errors that
            originated at an aggregator/extractor. Use for support
            triage — do NOT branch on this value; the unified
            `code` and `category` are the integrator-facing
            vocabulary.
          example: FIN-103
        param:
          type: string
          description: |
            For validation failures (4xx), the request field that
            tripped the check. Dot-separated path for nested
            fields.
          example: client.email
        trace_id:
          type: string
          description: |
            Same as the `X-LS-Trace-Id` response header — paste in
            a support ticket to jump to the request.
          example: 4bf92f3577b34da6a3ce929d0e0e4736
        errors:
          type: array
          description: |
            Per-field validation errors (only present on 400 when
            multiple fields failed at once).
          items:
            type: object
            required:
              - param
              - message
            properties:
              param:
                type: string
                example: client.email
              message:
                type: string
                example: must be a valid email address
              code:
                type: string
                example: invalid_email
  responses:
    BadRequest:
      description: |
        Something in the request body or query string didn't pass
        validation. The response carries `error.param` (or
        `error.errors[]` for multi-field failures) so you know which
        field to fix.
      headers:
        X-LS-Trace-Id:
          $ref: '#/components/headers/X-LS-Trace-Id'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
    Unauthorized:
      description: |
        Either the `Authorization` header is missing or the bearer
        token doesn't match an active API key. Double-check the key
        and the environment — sandbox keys can't be used against the
        production base URL and vice versa.
      headers:
        X-LS-Trace-Id:
          $ref: '#/components/headers/X-LS-Trace-Id'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
    ServerError:
      description: |
        Something broke on our side. Grab `X-LS-Trace-Id` from the
        response headers and ping us at support@ledgersync.com — that
        trace id lets us jump straight to your request.
      headers:
        X-LS-Trace-Id:
          $ref: '#/components/headers/X-LS-Trace-Id'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
  headers:
    X-LS-Trace-Id:
      description: Distributed-trace ID for this request. Quote in support tickets.
      schema:
        type: string
        example: 4bf92f3577b34da6a3ce929d0e0e4736
  securitySchemes:
    bearer:
      type: http
      scheme: bearer
      bearerFormat: LedgerSync API key
      description: |
        Pass your secret key in the `Authorization` header as a Bearer
        token: `Authorization: Bearer sk_test_...` (sandbox) or
        `Bearer sk_live_...` (production).

        Keys are created in the developer portal and the plaintext
        secret is shown exactly once at creation. Treat them like
        passwords — never embed them in mobile apps or front-end code.

````