> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pilotstatus.com.br/llms.txt
> Use this file to discover all available pages before exploring further.

# Create webhook

> Creates a webhook subscribed to ONE WhatsApp number. The number comes from the key scope (number key), the x-whatsapp-number-id header or the whatsappNumberId body field — if the body contradicts the key scope → 400 NUMBER_MISMATCH; no resolvable number → 400 NUMBER_REQUIRED; another tenant's number → 404 NUMBER_NOT_FOUND. events picks what gets delivered: an empty/omitted list dispatches NOTHING (there is no implicit "subscribe to all"; use "*" for all) and events the number's provider cannot emit are silently dropped. The signing secret is NEVER returned.



## OpenAPI

````yaml openapi.json POST /v1/webhooks
openapi: 3.1.0
info:
  title: Pilot Status API
  version: 1.0.0
  license:
    name: Pilot Status Terms of Service
    url: https://pilotstatus.com.br/terms
  description: >-
    Public REST API for Pilot Status. Authenticate with the `x-api-key: ps_...`
    header (or `x-api-key-id`). Base URL: https://pilotstatus.com.br
servers:
  - url: https://pilotstatus.com.br
security:
  - apiKey: []
  - apiKeyId: []
paths:
  /v1/webhooks:
    post:
      tags:
        - Webhooks
      summary: Create webhook
      description: >-
        Creates a webhook subscribed to ONE WhatsApp number. The number comes
        from the key scope (number key), the x-whatsapp-number-id header or the
        whatsappNumberId body field — if the body contradicts the key scope →
        400 NUMBER_MISMATCH; no resolvable number → 400 NUMBER_REQUIRED; another
        tenant's number → 404 NUMBER_NOT_FOUND. events picks what gets
        delivered: an empty/omitted list dispatches NOTHING (there is no
        implicit "subscribe to all"; use "*" for all) and events the number's
        provider cannot emit are silently dropped. The signing secret is NEVER
        returned.
      operationId: post_webhooks
      parameters:
        - name: x-whatsapp-number-id
          in: header
          required: false
          description: Scopes to a single number (required for per-number OAuth grants).
          schema:
            type: string
          example: num_01HZX...
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                url:
                  type: string
                  description: HTTPS endpoint that will receive the events.
                  example: https://hooks.acme.com/whatsapp
                name:
                  type: string
                  description: 'Display name (default: the URL hostname).'
                  example: n8n
                events:
                  type: array
                  items:
                    type: string
                  description: >-
                    Events to subscribe to (e.g. ["message.received"]); "*" =
                    all. Empty/omitted = dispatches nothing.
                  example: '["message.received", "message.delivered"]'
                whatsappNumberId:
                  type: string
                  description: >-
                    Target number — only needed with a tenant key and no number
                    header; with a number key it must match the scope (400
                    NUMBER_MISMATCH).
                  example: num_01HZX...
              required:
                - url
            example:
              url: https://hooks.acme.com/whatsapp
              name: n8n
              events:
                - message.received
      responses:
        '201':
          description: Create webhook
          content:
            application/json:
              example:
                id: wh_01HZX...
                tenantId: tenant_01HZX...
                name: n8n
                url: https://hooks.acme.com/whatsapp
                environment: LIVE
                active: true
                events:
                  - message.received
                createdAt: '2026-07-03T12:00:00.000Z'
                updatedAt: '2026-07-03T12:00:00.000Z'
        '400':
          description: Invalid payload or parameters
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                  code:
                    type: string
              example:
                error: Validation error
        '401':
          description: Missing or invalid `x-api-key` / `x-api-key-id` header
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                  code:
                    type: string
              example:
                error: Unauthorized
        '429':
          description: Rate limit exceeded
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                  code:
                    type: string
              example:
                error: Too many requests
components:
  securitySchemes:
    apiKey:
      type: apiKey
      in: header
      name: x-api-key
      description: Your ps_ API key
    apiKeyId:
      type: apiKey
      in: header
      name: x-api-key-id
      description: API key id (alternative to x-api-key)

````