> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mag3nt.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Register a webhook endpoint

> Register an HTTPS endpoint to receive signed `payment.settled` events when your pay links settle. The signing secret is returned ONCE in this response and cannot be retrieved again. Use it to verify the X-mag3nt-Signature header on each delivery. Max 5 active webhooks per wallet. URLs must be https and may not target private/loopback hosts.




## OpenAPI

````yaml /openapi.yaml post /api/webhooks
openapi: 3.1.0
info:
  title: mag3nt API
  version: '2026-06-04'
  description: >
    Payment infrastructure for AI agents. Issue virtual cards, pay for API
    access via x402/AP2/MPP protocols, and settle in USDC on Base.
  contact:
    name: mag3nt
    url: https://mag3nt.com
  license:
    name: Proprietary
    url: https://github.com/mag3nt-com/mag3nt-node/blob/main/LICENSE
servers:
  - url: https://mag3nt.com
    description: Production
security:
  - ApiKeyAuth: []
tags:
  - name: Payments
    description: Universal outbound protocol payments
  - name: Cards
    description: Virtual payment card lifecycle
  - name: Keys
    description: Developer API key management
  - name: Funding
    description: Treasury deposits and balances
  - name: x402
    description: HTTP 402 payment protocol
  - name: AP2
    description: Agent-to-Agent Payment Protocol
  - name: MPP
    description: Micropayment Protocol with streaming
  - name: Pay Links
    description: Shareable payment URLs
  - name: Withdrawals
    description: Withdraw unspent funds back to wallet
  - name: Settlement
    description: On-chain settlement status
  - name: Webhooks
    description: Signed payment.settled notifications for sellers
  - name: Status
    description: System health and configuration
externalDocs:
  description: mag3nt documentation
  url: https://docs.mag3nt.com
paths:
  /api/webhooks:
    post:
      tags:
        - Webhooks
      summary: Register a webhook endpoint
      description: >
        Register an HTTPS endpoint to receive signed `payment.settled` events
        when your pay links settle. The signing secret is returned ONCE in this
        response and cannot be retrieved again. Use it to verify the
        X-mag3nt-Signature header on each delivery. Max 5 active webhooks per
        wallet. URLs must be https and may not target private/loopback hosts.
      operationId: webhooksCreate
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - url
              properties:
                url:
                  type: string
                  format: uri
                  description: HTTPS endpoint that will receive events
                  example: https://api.acme.com/hooks/mag3nt
                description:
                  type: string
                  description: Optional label for this webhook
      responses:
        '200':
          description: Webhook registered (secret shown once)
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WebhookSecret'
        '400':
          description: Invalid or disallowed URL, or webhook limit reached
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
components:
  schemas:
    WebhookSecret:
      type: object
      description: >
        Returned ONLY when a webhook is created. The secret is used to verify
        the X-mag3nt-Signature header on delivered events and cannot be
        retrieved again.
      properties:
        id:
          type: string
          example: wh_3b9fe670abcdef...
        url:
          type: string
          format: uri
        description:
          type: string
        status:
          type: string
          example: ACTIVE
        secret:
          type: string
          description: HMAC signing secret (whsec_...). Store securely; shown once.
          example: whsec_1a2b3c4d5e6f...
        note:
          type: string
    Error:
      type: object
      required:
        - error
      properties:
        error:
          type: string
          example: Card not found
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: Authorization
      description: API key prefixed with 'Bearer sx_live_...'

````