# Webhook Subscriptions

Webhook subscription management and event delivery.

## Create a webhook subscription

 - [POST /webhooks](https://tote.redocly.app/online-ordering/spec/openapi/webhook-subscriptions/createwebhooksubscription.md): Register an HTTPS endpoint to receive webhook events. You can create
multiple subscriptions to route different event types to different URLs.

Signing secret: The response includes a signing_secret field that
is ONLY returned in this response. Store it securely -- it cannot be
retrieved again. Use it to verify the X-Tote-Signature header on
incoming webhook deliveries.

Idempotency: This endpoint requires the Idempotency-Key header.
If a request with the same key is received within 24 hours, the server
returns the cached response without creating a duplicate subscription.

## List webhook subscriptions

 - [GET /webhooks](https://tote.redocly.app/online-ordering/spec/openapi/webhook-subscriptions/listwebhooksubscriptions.md): Returns all webhook subscriptions for the authenticated partner.
Results are ordered by creation date (newest first).

Note: The signing_secret field is NOT included in list responses.
It is only returned when a subscription is first created via POST.

Pagination: Results use cursor-based pagination. Use the cursor
parameter from the pagination.next_cursor field to retrieve the next page.

## Delete a webhook subscription

 - [DELETE /webhooks/{webhook_id}](https://tote.redocly.app/online-ordering/spec/openapi/webhook-subscriptions/deletewebhooksubscription.md): Permanently removes a webhook subscription. Events will no longer be
delivered to the subscription URL. This action cannot be undone.

After deletion, any in-flight deliveries for this subscription may
still arrive at the endpoint. Your webhook handler should gracefully
ignore events for unknown subscriptions.