# Managing Webhooks via API

> Programmatically create, update, and manage webhook subscriptions

In addition to setting up webhooks through the [dashboard](https://my-shop.fourthwall.com/admin/dashboard/settings/for-developers?redirect), you can programmatically create and manage webhooks using the Platform API. This is useful for:

* Automating webhook setup as part of your deployment process
* Building integrations that dynamically configure webhooks
* Managing webhooks across multiple shops programmatically

## Creating a Webhook

Use the [POST /webhooks](/api-reference/platform/webhooks/create-webhook) endpoint to create a new webhook subscription:

```bash theme={null}
curl -u "your_username:your_password" \
  -X POST "https://api.fourthwall.com/open-api/v1.0/webhooks" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-server.com/webhooks/fourthwall",
    "allowedTypes": ["ORDER_PLACED", "ORDER_UPDATED", "DONATION"]
  }'
```

The response includes the webhook configuration with its ID and secret key:

```json theme={null}
{
  "id": "wcon_P-VkRfmJTBaC6_Tst22cew",
  "url": "https://your-server.com/webhooks/fourthwall",
  "allowedTypes": ["ORDER_PLACED", "ORDER_UPDATED", "DONATION"],
  "secret": "e3f93c7c-c92b-4b8f-a9b1-5b70e0891abc"
}
```

<Warning>
  Store the `secret` value securely - you'll need it to [verify webhook signatures](/webhooks/signature-verification).
</Warning>

## Complete Example: Create, Receive, and Verify

Here's a complete flow showing how to set up a webhook programmatically and handle incoming events:

**Step 1: Create the webhook**

```python theme={null}
import requests

# Create webhook subscription using Basic Auth
response = requests.post(
    "https://api.fourthwall.com/open-api/v1.0/webhooks",
    auth=("your_username", "your_password"),
    json={
        "url": "https://your-server.com/webhooks/fourthwall",
        "allowedTypes": ["ORDER_PLACED"]
    },
    timeout=10,  # Fail fast instead of hanging a deployment script
)
response.raise_for_status()  # Stop on 4xx/5xx rather than reading a missing "secret"

webhook_config = response.json()
webhook_secret = webhook_config["secret"]  # Store this securely!
```

**Step 2: Receive and verify webhook events**

```python theme={null}
import hmac
import hashlib
import base64
from flask import Flask, request, jsonify

app = Flask(__name__)
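WEBHOOK_SECRET = "your_stored_secret"  # Load from a secret store or environment in production

def verify_signature(payload, signature_header):
    """Verify the webhook signature matches."""
    if not signature_header:
        # Missing header: reject instead of letting compare_digest raise TypeError
        return False
    digest = hmac.new(
        WEBHOOK_SECRET.encode('utf-8'),
        payload,
        digestmod=hashlib.sha256
    ).digest()
    computed_signature = base64.b64encode(digest)
    # Compare as bytes so a non-ASCII header value is rejected rather than raising
    return hmac.compare_digest(computed_signature, signature_header.encode('utf-8'))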

@app.route('/webhooks/fourthwall', methods=['POST'])
def handle_webhook():
    # Get the signature from headers
    signature = request.headers.get('X-Fourthwall-Hmac-SHA256')

    # Verify the signature
    if not verify_signature(request.data, signature):
        return jsonify({"error": "Invalid signature"}), 401

    # Parse the webhook payload
    event = request.json

    # Handle different event types
    if event["type"] == "ORDER_PLACED":
        order_data = event["data"]
        print(f"New order received: {order_data['friendlyId']}")
        # Process the order...

    # Always return 200 to acknowledge receipt
    return jsonify({"status": "received"}), 200
```
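To exercise the verification step offline before pointing a live webhook at your server, the following added example (not part of the Fourthwall documentation or SDK) signs a constructed payload and runs it through the rejection cases a receiver should handle. It assumes the sender computes base64(HMAC-SHA256(raw body)), as inferred from the receiver code above; `sign`, `verify`, `run_cases`, the secret and the sample event are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = "constructed-test-secret"  # constructed value, not a real Fourthwall secret


def sign(raw_body: bytes, secret: str = SECRET) -> str:
    """Sender side (assumed from the receiver above): base64(HMAC-SHA256(raw body))."""
    mac = hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify(raw_body: bytes, header, secret: str = SECRET) -> bool:
    """Receiver side: constant-time compare on bytes; a missing header is rejected."""
    if not header:
        return False
    expected = sign(raw_body, secret).encode("ascii")
    return hmac.compare_digest(expected, header.encode("utf-8"))


def run_cases() -> dict:
    # Constructed sample event; field names mirror the handler above.
    raw = b'{"type": "ORDER_PLACED", "data": {"friendlyId": "TEST-0001"}}'
    header = sign(raw)
    # Re-serialising parsed JSON changes the bytes (separators), so the MAC no longer
    # matches: always verify the raw request body, never a re-encoded copy.
    reserialised = json.dumps(json.loads(raw), separators=(",", ":")).encode("utf-8")
    return {
        "valid": verify(raw, header),
        "tampered_body": verify(raw.replace(b"TEST-0001", b"TEST-9999"), header),
        "reserialised_body": verify(reserialised, header),
        "missing_header": verify(raw, None),
        "non_ascii_header": verify(raw, "s\u00edgnature"),
        "wrong_secret": verify(raw, header, secret="another-constructed-secret"),
    }


if __name__ == "__main__":
    for name, accepted in run_cases().items():
        print(f"{name:18} accepted={accepted}")
```

Only the `valid` case should be accepted; any other accepted case means the receiver is checking something other than the exact bytes that were signed.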

## API Endpoints

The Platform API provides these endpoints for webhook management:

| Endpoint                                                                 | Description                       |
| ------------------------------------------------------------------------ | --------------------------------- |
| [POST /webhooks](/api-reference/platform/webhooks/create-webhook)        | Create a new webhook subscription |
| [GET /webhooks](/api-reference/platform/webhooks/list-webhooks)          | List all webhooks                 |
| [GET /webhooks/{id}](/api-reference/platform/webhooks/get-webhook)       | Get a specific webhook            |
| [PUT /webhooks/{id}](/api-reference/platform/webhooks/update-webhook)    | Update a webhook                  |
| [DELETE /webhooks/{id}](/api-reference/platform/webhooks/delete-webhook) | Delete a webhook                  |
