Webhook Endpoints

Endpoints

POST /v1/webhook_endpoints Register an endpoint

GET /v1/webhook_endpoints List endpoints

PATCH /v1/webhook_endpoints/{id} Update an endpoint idempotent

DELETE /v1/webhook_endpoints/{id} Delete an endpoint

POST /v1/webhook_endpoints/{id}/test Send a test event

POST /v1/webhook_endpoints/{id}/deliveries/{delivery_id}/replay Replay a past delivery

Register an endpoint

HTTP
POST /v1/webhook_endpoints

Field	Type	Description
url	string	required — your HTTPS URL.
events	array	required — types to subscribe to, e.g. ["event.created","departure.updated"]. Use ["*"] for everything.
description	string?	Human label.
connect_events	boolean?	Default false. When true, receives events for all Connect accounts.
secret	string?	Provide your own signing secret. If omitted, one is generated.

Response includes the secret. It's shown only once.

JSON
{
  "id": "wbk_4jkl5mno6pqr",
  "object": "webhook_endpoint",
  "url": "https://your-app.com/webhooks/chronapilot",
  "events": ["event.created","departure.updated"],
  "secret": "whsec_8x9y0z1a2b3c4d5e6f7g8h9i0j1k2l3m",
  "status": "enabled",
  "created_at": "2026-05-20T18:14:22Z",
  "request_id": "req_…"
}

List, retrieve, update, delete

HTTP
GET    /v1/webhook_endpoints
GET    /v1/webhook_endpoints/{id}
PATCH  /v1/webhook_endpoints/{id}
DELETE /v1/webhook_endpoints/{id}

PATCH accepts events, url, description, and status (enabled or disabled).

Test an endpoint

HTTP
POST /v1/webhook_endpoints/{id}/test

JSON
{ "type": "departure.updated" }

Sends a synthetic event matching the type, with livemode: false and livemode_test: true.

Replay a past delivery

HTTP
POST /v1/webhook_endpoints/{id}/deliveries/{delivery_id}/replay

Re-fires a logged delivery to the same endpoint, or pass url to redirect.

Signature

The Chronapilot-Signature header has the form:

text
t=1716247200,v1=5257a869e7ecebeda32afb5e26a52e9eda1a8b1eb2a3b8d51d8c8e2f0c4d9a3b

Compute HMAC-SHA256 of . with your endpoint's secret and compare to v1 (constant-time). The leading t is the Unix timestamp; reject deliveries older than 5 minutes to prevent replay attacks.

See Webhooks for a worked example.

curl https://api.chronapilot.com/v1/webhook_endpoints \ -X POST \ -H "Authorization: Bearer sk_test_4eC39HqLyjWDarjtT1zdp7dc" \ -H "Chronapilot-Version: 2026-05-20" \ -H "Content-Type: application/json" \ -d '{ "url": "https://your-app.example.com/webhooks/chronapilot", "events": [ "event.created", "departure.updated" ] }'

import ChronaPilot from '@chronapilot/node'; const cp = new ChronaPilot('sk_test_4eC39HqLyjWDarjtT1zdp7dc'); const result = await cp.webhookEndpoints.create({ url: 'https://your-app.example.com/webhooks/chronapilot', events: [ 'event.created', 'departure.updated' ] });

import chronapilot chronapilot.api_key = 'sk_test_4eC39HqLyjWDarjtT1zdp7dc' result = chronapilot.WebhookEndpoint.create( url='https://your-app.example.com/webhooks/chronapilot', events=['event.created', 'departure.updated'], )

{ "id": "wbk_4jkl5mno6pqr", "object": "webhook_endpoint", "url": "https://your-app.example.com/webhooks/chronapilot", "events": [ "event.created", "departure.updated" ], "secret": "whsec_8x9y0z1a2b3c4d5e6f7g8h9i0j1k2l3m", "status": "enabled", "created_at": "2026-05-20T18:14:22Z", "livemode": true, "request_id": "req_1A2b3C4d5E6f" }