Skip to main content
POST
/
api
/
v3
/
organization
/
webhooks
Create Webhook
curl --request POST \
  --url https://api.dataspike.io/api/v3/organization/webhooks \
  --header 'Content-Type: application/json' \
  --header 'ds-api-token: <api-key>' \
  --data '
{
  "is_sandbox": false,
  "webhook_url": "https://dataspike.io",
  "event_types": [
    "AML_SCREENING"
  ],
  "enabled": true
}
'
{
  "id": "01927ed4-c928-7a3c-9a30-7ab7cc169d11",
  "hmac_signing_secret": "whsec_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1"
}

Authorizations

ds-api-token
string
header
required

Body

application/json

Common Webhook Request

is_sandbox
boolean
default:false

For what environment new Webhook should be created

webhook_url
string<url>

Your server endpoint where Dataspike service will send AML and Document Verification events

Example:

"https://dataspike.io"

event_types
enum<string>[]
Available options:
AML_SCREENING,
DOCVER,
TRANSACTION_MONITORING,
KYT_WALLET_CHECK
Example:
["AML_SCREENING"]
enabled
boolean
default:true

Set to false if you want temporarily deactivate webhook

Response

200 - application/json

Webhook Created

Returned when a webhook is created. hmac_signing_secret is shown only once — store it securely immediately.

id
string<uuid>

Unique ID of the newly created webhook

Example:

"01927ed4-c928-7a3c-9a30-7ab7cc169d11"

hmac_signing_secret
string

HMAC-SHA256 signing secret used to verify the authenticity of incoming webhook requests. Shown only once — store it in a secrets manager or environment variable.

Example:

"whsec_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1"