POST/v2/webhooksCreate a webhook

Create a webhook for our platform to interact with
Due to the security-sensetive nature of our products, we recommend an HMAC to validate the integrity of our messages. Optionally, you can provide us with a simple secret.

header	Authorization	Authentication token (bearer token or API key).
{ "organizationId" : Number, "deviceIds" : [Number], "deviceGroupIds" : [Number], "secretHttp" : String, "webhookUrl" : String, "topics" : ["DeviceActivationEvents" / "DeviceDeactivationEvents" / "DeviceStatusEvents" / "DeviceTamperEvents"] }

Response

status	401	Invalid authentication token
{ "id" : Number, "secretHmac" : String }

Example: Connect a Webhook to our platform

POST/v2/webhooks

header	Authorization	Bearer ab882227-c692-4eb3-a9c7-c6116de41f0f
{ "organizationId": 6, "deviceIds": [85, 86, 87], "secretHttp": "PoWJFA11inptkbGz", "webhookUrl": "https://webhooks.athom.com/webhook/XXXXX", "topics": ["DeviceActivationEvents", "DeviceDeactivationEvents", "DeviceStatusEvents", "DeviceTamperEvents"] }

Response

status	200
header	Access-Control-Expose-Headers	authorization, content-type
header	Access-Control-Allow-Headers	authorization, content-type
header	Access-Control-Allow-Methods	GET, POST, DELETE, OPTIONS, PUT
header	Access-Control-Allow-Origin	*
header	Strict-Transport-Security	max-age=31536000; includeSubDomains
header	X-Frame-Options	SAMEORIGIN
header	X-Content-Type-Options	nosniff
header	X-XSS-Protection	1; mode=block
header	Content-Security-Policy	default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
header	Referrer-Policy	no-referrer
header	Feature-Policy	self
header	Permissions-policy	interest-cohort=()
{ "id": 2, "secretHmac": "bSxyOp4vaSNpvyUMfrA98WsOqRSlzBBB" }

Example: Connect an insecure Webhook to our platform

POST/v2/webhooks

header	Authorization	Bearer cc4e4206-8de4-4323-9338-e2fd11a45b3d
{ "organizationId": 7, "deviceIds": [89, 90, 91], "secretHttp": "K22DgtNmch9DxKtJ", "webhookUrl": "http://webhooks.athom.com/webhook/XXXXX", "topics": ["DeviceActivationEvents", "DeviceDeactivationEvents", "DeviceStatusEvents", "DeviceTamperEvents"] }

Response

status	400
header	Access-Control-Expose-Headers	authorization, content-type
header	Access-Control-Allow-Headers	authorization, content-type
header	Access-Control-Allow-Methods	GET, POST, DELETE, OPTIONS, PUT
header	Access-Control-Allow-Origin	*
header	Strict-Transport-Security	max-age=31536000; includeSubDomains
header	X-Frame-Options	SAMEORIGIN
header	X-Content-Type-Options	nosniff
header	X-XSS-Protection	1; mode=block
header	Content-Security-Policy	default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
header	Referrer-Policy	no-referrer
header	Feature-Policy	self
header	Permissions-policy	interest-cohort=()
{ "message": "Unsupported protocol: We only support https for now.", "code": "WebhookUnsupportedProtocol", "errorMessage": "Unsupported protocol: We only support https for now.", "errorCode": "WebhookUnsupportedProtocol" }