const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({url: 'https://example.com/webhooks', events: ['<string>']})
};
fetch('https://api.factify.com/v1/webhooks', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));{
"id": "whk_01h2xcejqtf2nbrexx3vqjhp41",
"org_id": "org_01h2xcejqtf2nbrexx3vqjhp41",
"url": "https://example.com/webhooks",
"events": [
"<string>"
],
"created_at": "2025-01-15T10:30:00Z",
"secret": "whsec_abc123def456"
}Register a webhook endpoint
Registers a new HTTPS endpoint to receive event deliveries
for the caller’s organization. The response includes a
signing secret (whsec_…) that is returned only on this
call — store it securely. Rotating the secret requires
deleting and re-creating the endpoint.
const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({url: 'https://example.com/webhooks', events: ['<string>']})
};
fetch('https://api.factify.com/v1/webhooks', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));{
"id": "whk_01h2xcejqtf2nbrexx3vqjhp41",
"org_id": "org_01h2xcejqtf2nbrexx3vqjhp41",
"url": "https://example.com/webhooks",
"events": [
"<string>"
],
"created_at": "2025-01-15T10:30:00Z",
"secret": "whsec_abc123def456"
}Documentation Index
Fetch the complete documentation index at: https://developers.factify.com/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Bearer authentication using a factapi-issued API key
(ffy_<env>_<base32_uuid><base62_random>). Cookie-based
sessions are accepted automatically by user-facing endpoints
but are not surfaced as an OpenAPI auth scheme.
Headers
Optional. Factify-staff acting-as override: when set, factapi
resolves the request against this organization instead of the
session-bound one. Honored only for callers with @factify.com
emails; non-staff requests carrying this header are rejected
with 403. The value is a typed org id (e.g.
org_01h2xcejqtf2nbrexx3vqjhp41).
^org_[0-9a-hjkmnp-tv-z]{26}$"org_01h2xcejqtf2nbrexx3vqjhp41"
Body
Absolute HTTPS URL that will receive event deliveries. Must include scheme and host; relative or scheme-less URLs are rejected with 400.
"https://example.com/webhooks"
Event types this endpoint subscribes to. Must contain at least one entry.
1Response
Created
A registered webhook endpoint that receives event deliveries for an organization.
Unique webhook endpoint ID.
"whk_01h2xcejqtf2nbrexx3vqjhp41"
Organization that owns this endpoint.
"org_01h2xcejqtf2nbrexx3vqjhp41"
Absolute HTTPS URL deliveries are POSTed to.
"https://example.com/webhooks"
Event types this endpoint is subscribed to.
When the endpoint was registered.
"2025-01-15T10:30:00Z"
Signing secret used to authenticate delivery payloads.
Returned only by POST /v1/webhooks and omitted from
list responses — store it at creation time.
"whsec_abc123def456"