Skip to main content
POST
/
webhooks
/
subscriptions
Create a webhook subscription
curl --request POST \
  --url https://api-sandbox.ledgersyncappv2.com/v3/webhooks/subscriptions \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "url": "<string>",
  "event_types": [
    "<string>"
  ]
}
'
{
  "id": "whk_01HXYZ8A6N7K2W9PQ4T5Z3V6E0",
  "url": "<string>",
  "event_types": [
    "connection.requires_action",
    "connection.active",
    "connection.failed",
    "connection.disconnected",
    "connection.capability_changed",
    "account.refresh.completed",
    "account.refresh.failed"
  ],
  "created_at": "2023-11-07T05:31:56Z",
  "signing_secret": "<string>",
  "last_success_at": "2023-11-07T05:31:56Z",
  "last_failure_at": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization
string
header
required

Pass your secret key in the Authorization header as a Bearer token: Authorization: Bearer sk_test_... (sandbox) or Bearer sk_live_... (production).

Keys are created in the developer portal and the plaintext secret is shown exactly once at creation. Treat them like passwords — never embed them in mobile apps or front-end code.

Body

application/json
url
string<uri>
required

HTTPS URL LedgerSync will POST to. Must be reachable from the public internet.

event_types
string[]
required

Event type subscriptions. Use * to receive every event.

Minimum array length: 1

Response

Subscription created. The signing_secret field is the only time the plaintext secret is returned — store it somewhere safe.

id
string
required
Example:

"whk_01HXYZ8A6N7K2W9PQ4T5Z3V6E0"

url
string<uri>
required
event_types
string[]
required
Example:
[
  "connection.requires_action",
  "connection.active",
  "connection.failed",
  "connection.disconnected",
  "connection.capability_changed",
  "account.refresh.completed",
  "account.refresh.failed"
]
status
enum<string>
required
Available options:
active,
paused,
disabled
created_at
string<date-time>
required
signing_secret
string
required

Plaintext signing secret. Use HMAC-SHA256 with this secret to verify the X-LS-Webhook-Signature header on incoming deliveries. Returned ONCE; store it securely.

last_success_at
string<date-time> | null
last_failure_at
string<date-time> | null