# Update Webhook Update an existing Webhook to: - Enable or disable a Webhook. Disabled webhooks stop receiving events at the configured URL. - Add authentication to a Webhook - Override default event filters by specifying the list of events you are interested in receiving Endpoint: PUT /webhooks/{webhook_id} Security: BasicAuth ## Path parameters: - `webhook_id` (string, required) The ID of Webhook object. Example: "WHhRJLcEt53voydzyLQ9aYs7" ## Response 200 fields (application/json): - `id` (string) The ID of the resource. - `created_at` (string) Timestamp of when the object was created. - `updated_at` (string) Timestamp of when the object was last updated. - `application` (string) ID of the Application the resource was created under. - `authentication` (object) Credentials included in webhook POST requests so your server can confirm each request originated from Finix. To learn about the different authentication methods, see [Managing Webhooks via API](/additional-resources/developers/webhooks/integrating-into-webhooks#managing-webhooks-via-api). - `authentication.type` (string) The type of authentication the Webhook will use: - NONE: No authentication will be used. - BASIC: Basic authentication. - BEARER: OAuth2 Bearer Token. Enum: "NONE", "BASIC", "BEARER" - `enabled` (boolean) Whether the Webhook is enabled. Disabled webhooks will not receive events. - true: Events are sent to the url. - false: Events are not sent to the url. - `enabled_events` (array) A list of webhook events to enable for API entities. There can be only one enabled event object per entity. This list is optional and overrides default webhook events. See [Webhook Events](/additional-resources/developers/webhooks/webhook-events) to learn which events are automatically subscribed at creation. When included in a PUT request, this list replaces all previously configured events. - `enabled_events.entity` (string) The API entity for which you want to receive webhook events. Example: "transfer" - `enabled_events.types` (array) A list of webhook event types you want to receive for the specified entity. See the [Webhook Events](/additional-resources/developers/webhooks/webhook-events) guide to learn which values are accepted for each entity. Example: ["created"] - `is_accepting_events` (boolean) Whether the Webhook is currently accepting events; this field mirrors the enabled field. - `nickname` (string) A human-readable name for the Webhook. - `previous_secret_expires_at` (string,null) The time when the previous secret_signing_key expires. Set when the signing key is rotated; null on initial creation. - `secret_signing_key` (string,null) Use this key to verify the Finix-Signature header on incoming webhook events, confirming the payload came from Finix, was not tampered with, and was sent recently. For details, see [Verifying Webhook Signatures](/additional-resources/developers/webhooks/integrating-into-webhooks#verifying-webhook-signatures-finix-signature). - `url` (string) The HTTP or HTTPS URL to receive events. When an event occurs, Finix sends a POST request to this URL with the webhook event payload. - `_links` (object) For your convenience, every response includes several URLs which link to resources relevant to the request. You can use these _links to make your follow-up requests and quickly access relevant IDs. - `_links.application` (object) Link to the Application the request was made under. - `_links.application.href` (string) - `_links.self` (object) Link to the resource that was used in the request. - `_links.self.href` (string) ## Response 400 fields (application/json): - `total` (integer, required) Total number of errors returned. - `_embedded` (object, required) Container for embedded error objects. - `_embedded.errors` (array) List of individual error objects. - `_embedded.errors.code` (string) The error code. The UNKNOWN error code is returned for a 401 Unauthorized or 403 Forbidden request. - `_embedded.errors.logref` (string) A log reference identifier for the error, useful for debugging and support purposes. - `_embedded.errors.message` (string) A human-friendly error message. - `_embedded.errors._links` (object) Links related to this error. - `_embedded.errors._links.self` (object) Link to the resource related to the error. - `_embedded.errors._links.self.href` (string) URL of the related resource. ## Response 401 fields (application/json): - `total` (integer, required) Total number of errors returned. - `_embedded` (object, required) Container for embedded error objects. - `_embedded.errors` (array) List of individual error objects. - `_embedded.errors.code` (string) The error code. The UNKNOWN error code is returned for a 401 Unauthorized or 403 Forbidden request. - `_embedded.errors.logref` (string) A log reference identifier for the error, useful for debugging and support purposes. - `_embedded.errors.message` (string) A human-friendly error message. - `_embedded.errors._links` (object) Links related to this error. - `_embedded.errors._links.self` (object) Link to the resource related to the error. - `_embedded.errors._links.self.href` (string) URL of the related resource. ## Response 403 fields (application/json): - `total` (integer, required) Total number of errors returned. - `_embedded` (object, required) Container for embedded error objects. - `_embedded.errors` (array) List of individual error objects. - `_embedded.errors.code` (string) The error code. The UNKNOWN error code is returned for a 401 Unauthorized or 403 Forbidden request. - `_embedded.errors.logref` (string) A log reference identifier for the error, useful for debugging and support purposes. - `_embedded.errors.message` (string) A human-friendly error message. - `_embedded.errors._links` (object) Links related to this error. - `_embedded.errors._links.self` (object) Link to the resource related to the error. - `_embedded.errors._links.self.href` (string) URL of the related resource. ## Response 404 fields (application/json): - `total` (integer, required) Total number of errors returned. - `_embedded` (object, required) Container for embedded error objects. - `_embedded.errors` (array) List of individual error objects. - `_embedded.errors.code` (string) The error code. The UNKNOWN error code is returned for a 401 Unauthorized or 403 Forbidden request. - `_embedded.errors.logref` (string) A log reference identifier for the error, useful for debugging and support purposes. - `_embedded.errors.message` (string) A human-friendly error message. - `_embedded.errors._links` (object) Links related to this error. - `_embedded.errors._links.self` (object) Link to the resource related to the error. - `_embedded.errors._links.self.href` (string) URL of the related resource. ## Response 406 fields (application/json): - `total` (integer, required) Total number of errors returned. - `_embedded` (object, required) Container for embedded error objects. - `_embedded.errors` (array) List of individual error objects. - `_embedded.errors.code` (string) The error code. The UNKNOWN error code is returned for a 401 Unauthorized or 403 Forbidden request. - `_embedded.errors.logref` (string) A log reference identifier for the error, useful for debugging and support purposes. - `_embedded.errors.message` (string) A human-friendly error message. - `_embedded.errors._links` (object) Links related to this error. - `_embedded.errors._links.self` (object) Link to the resource related to the error. - `_embedded.errors._links.self.href` (string) URL of the related resource.