> Part of [WHCC Developer Documentation](https://www.whcc.com/developer/llms.txt)

# Webhooks

The Editor API provides endpoints for registering webhooks as well as validating the `WHCC-Signature` on all webhook requests for security purposes.

> You can learn more about the [WHCC Signature](https://www.whcc.com/developer/docs/order-submit-api/webhook-security/index.html.md) and [types](https://www.whcc.com/developer/docs/order-submit-api/webhook-types/index.html.md) of webhooks in the Order Submit API documentation.

Register a `callbackUri`, which will accept WHCC webhooks, using the following endpoint.

## POST `/webhooks/create`

Content-type: application/json

## curl

### CURL Example Request

```shell
curl https://prospector.dragdrop.design/api/v1/webhooks/create \
	-H "Authorization: Bearer TOKEN_GOES_HERE" \
	-H "Accept: application/json" \
	-H "Content-Type: application/json" \
	-d '{ "callbackUri": YOUR_CALLBACK_URI }'
```

Immediately after `POST`ing the above call, a unique verification code will be sent to the specified `callbackUri`. That code needs to be sent back to the Editor API in the following call to verify that you own the `callbackUri`.

## POST `/webhooks/verify`

Content-type: application/json

## curl

### CURL Example Request

```shell
curl https://prospector.dragdrop.design/api/v1/webhooks/verify \
	-H "Authorization: Bearer TOKEN_GOES_HERE" \
	-H "Accept: application/json" \
	-H "Content-Type: application/json" \
	-d '{ "verifier": CODE_POSTED_TO_CALLBACK_URI }'
```

Every webhook request from WHCC contains a `WHCC-Signature` header to ensure the webhook is from WHCC and intended for your consumption. Validate the signature using this endpoint.

> The security considerations for the [WHCC Signature](https://www.whcc.com/developer/docs/order-submit-api/webhook-security/index.html.md) can be explored in greater detail in the Order Submit API documentation.

## POST `/webhooks/validate`

Content-type: application/json

## curl

### CURL Example Request

```shell
curl https://prospector.dragdrop.design/api/v1/webhooks/validate \
	-H "Authorization: Bearer TOKEN_GOES_HERE" \
	-H "Accept: application/json" \
	-H "Content-Type: application/json" \
	-d '{ "body": WEBHOOK_PAYLOAD, "signature": WHCC-SIGNATURE_HEADER_CONTENT }'
```