Skip to main content
POST
/
v1
/
webhook_endpoints
Create a webhook endpoint
curl --request POST \
  --url https://api.tybritelabs.com/v1/webhook_endpoints \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "url": "https://yourapp.com/webhooks/tybrite",
  "events": [
    "order.paid",
    "order.fulfilled",
    "payment.succeeded"
  ],
  "enabled": true,
  "metadata": {
    "label": "production-erp",
    "owner": "platform-team"
  }
}
'
{
  "webhook_endpoint": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "store_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "url": "https://yourapp.com/webhooks/tybrite",
    "events": [
      "order.paid",
      "order.fulfilled"
    ],
    "enabled": true,
    "metadata": {},
    "last_success_at": "2023-11-07T05:31:56Z",
    "last_failure_at": "2023-11-07T05:31:56Z",
    "created_at": "2023-11-07T05:31:56Z",
    "updated_at": "2023-11-07T05:31:56Z",
    "signing_secret": "a1b2c3d4e5f6..."
  }
}

Documentation Index

Fetch the complete documentation index at: https://docs.tybritelabs.com/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

API Key Authentication

Use your API key in the Authorization header:

Authorization: Bearer tybrite_sk_live_YOUR_KEY

Key Types:

Secret Keys (Server-Side Only):

  • Format: tybrite_sk_live_* (production) or tybrite_sk_test_* (sandbox)
  • Full read/write access to all endpoints
  • ⚠️ NEVER expose in client-side code or public repositories
  • Required for: write operations, authentication, payment verification, AI recommendations

Publishable Keys (Client-Safe):

  • Format: tybrite_pk_live_* (production) or tybrite_pk_test_* (sandbox)
  • Read-only access (GET requests only, plus POST semantic search)
  • ✅ Safe for client-side JavaScript, mobile apps, and public code
  • Allowed for: browsing products, search, CMS content, pricing queries

Endpoint-Specific Requirements:

  • Authentication endpoints (/v1/auth/*): Secret key required
  • Payment verification (POST /v1/payments/verify): Secret key required
  • AI Recommendations (POST /v1/recommendations): Secret key required
  • Semantic Search (POST /v1/search): Both key types allowed (read-only operation)
  • All write operations: Secret key required
  • All read operations: Both key types allowed

Using a publishable key for restricted operations returns 403 Forbidden.

Body

application/json
url
string<uri>
required

HTTPS destination URL. HTTP is rejected.

Example:

"https://yourapp.com/webhooks/tybrite"

events
string[]
required

Array of event types to subscribe to. Use ["*"] for all events.

Order lifecycle: order.created, order.paid, order.fulfilled, order.cancelled, order.refunded, order.updated

Payment lifecycle: payment.succeeded, payment.failed, payment.refunded

Customer lifecycle: customer.created, customer.updated, customer.deleted

Inventory & catalog: product.created, product.updated, product.stock_low, product.out_of_stock

Cart & checkout: cart.created, cart.updated, cart.abandoned

Gift cards: gift_card.issued, gift_card.redeemed, gift_card.expired

Promotions: promotion.applied

Example:
[
  "order.paid",
  "order.fulfilled",
  "payment.succeeded"
]
enabled
boolean
default:true

Whether the endpoint is active. Disabled endpoints are skipped on delivery.

metadata
object

Opaque key-value pairs for your own reference (not sent in deliveries).

Example:
{
  "label": "production-erp",
  "owner": "platform-team"
}

Response

Endpoint created

webhook_endpoint
object