Skip to main content
POST
/
webhooks
Create webhook
curl --request POST \
  --url https://api.example.com/webhooks \
  --header 'Content-Type: <content-type>' \
  --header 'x-api-key: <x-api-key>' \
  --data '
{
  "url": "<string>",
  "eventTypes": [
    "<string>"
  ]
}
'
Free — does not consume credits
curl -X POST https://xquik.com/api/v1/webhooks \
  -H "x-api-key: xq_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-server.com/webhook",
    "eventTypes": ["tweet.new", "tweet.reply"]
  }' | jq

Headers

x-api-key
string
required
Your API key. Session cookie authentication is also supported.
Content-Type
string
required
Must be application/json.

Body

url
string
required
HTTPS endpoint URL where events will be delivered. HTTP URLs are rejected. URLs resolving to private or internal IP addresses (localhost, 10.x.x.x, 172.16-31.x.x, 192.168.x.x, 169.254.x.x) are also rejected.
eventTypes
string[]
required
Array of event types to subscribe to. At least 1 required. Valid types: tweet.new, tweet.reply, tweet.quote, tweet.retweet, follower.gained, follower.lost.

Response

id
string
Unique webhook identifier.
url
string
The registered delivery endpoint.
eventTypes
string[]
Event types this webhook is subscribed to.
secret
string
HMAC signing secret (64-character hex string). Store securely. Returned only at creation time.
createdAt
string
ISO 8601 creation timestamp.
{
  "id": "15",
  "url": "https://your-server.com/webhook",
  "eventTypes": ["tweet.new", "tweet.reply"],
  "secret": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
  "createdAt": "2026-02-24T10:30:00.000Z"
}
The secret is returned only once. Store it securely. You need it to verify webhook signatures. It cannot be retrieved again.
This endpoint supports dual authentication: API key (x-api-key header) or session cookie from the dashboard.Next steps: List Webhooks · Signature Verification · Webhooks Overview