Register a webhook endpoint
Authenticated with an API key or dashboard session. The signingSecret is returned once at creation and is used to verify the HMAC-SHA256 X-Letmepost-Signature header on every delivery. An empty events array subscribes to every event type.
Authorizations
Mint an API key in the dashboard. See https://letmepost.dev/docs/authentication/.
Headers
Recommended on every write. Replays within 24 hours return the original response; conflicting bodies surface as 409 idempotency_conflict. See Idempotency.
1 - 128"post-launch-2026-05-15-001"
Body
"https://hooks.example.com/letmepost"
Empty array subscribes the endpoint to every event type.
post.queued, post.validated, post.published, post.rejected, post.failed, post.canceled, post.rescheduled, token.expiring, token.revoked, version.deprecated 500Response
Endpoint created. signingSecret shown once.
post.queued, post.validated, post.published, post.rejected, post.failed, post.canceled, post.rescheduled, token.expiring, token.revoked, version.deprecated HMAC-SHA256 signing secret — returned once at creation. Used to verify every delivery's X-Letmepost-Signature header.
"whsec_…"

