Create Webhook

curl -X POST https://xquik.com/api/v1/webhooks \
  -H "x-api-key: xq_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-server.com/webhook",
    "eventTypes": ["tweet.new", "tweet.reply"]
  }' | jq

Headers

x-api-key

string

required

Your API key. This endpoint also accepts session cookie authentication.

Content-Type

string

required

Must be application/json.

Body

url

string

required

HTTPS endpoint URL where events will be delivered. HTTP URLs are rejected.

eventTypes

string[]

required

Array of event types to subscribe to. At least 1 required. Valid types: tweet.new, tweet.reply, tweet.quote, tweet.retweet.

Response

201 Created
401 Unauthenticated
400 Invalid Input

string

Unique webhook identifier.

url

string

The registered delivery endpoint.

eventTypes

string[]

Event types this webhook is subscribed to.

secret

string

32-byte hex signing secret for verifying webhook signatures.

createdAt

string

ISO 8601 creation timestamp.

{
  "id": "15",
  "url": "https://your-server.com/webhook",
  "eventTypes": ["tweet.new", "tweet.reply"],
  "secret": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
  "createdAt": "2026-02-24T10:30:00.000Z"
}

The secret is returned only once. Store it securely — you need it to verify webhook signatures. It cannot be retrieved again.

{ "error": "unauthenticated" }

Missing or invalid API key / session cookie.

{ "error": "invalid_input" }

Invalid URL (must be HTTPS) or empty eventTypes array.

This endpoint supports dual authentication — either API key (x-api-key header) or session cookie from the dashboard.Related: List Webhooks · Signature Verification · Webhooks Overview

Overview

Account

API Keys

Monitors

Events

Webhooks

Create Webhook

Headers

Body

Response

Overview

Account

API Keys

Monitors

Events

Webhooks

​Headers

​Body

​Response

Headers

Body

Response