> ## Documentation Index > Fetch the complete documentation index at: https://heygen-1fa696a7.mintlify.app/llms.txt > Use this file to discover all available pages before exploring further. # Create Webhook Endpoint > Registers an HTTPS URL to receive webhook event notifications. Returns the endpoint details and a signing secret. The signing secret is only shown at creation and rotation — store it securely. ## OpenAPI ````yaml /openapi/external-api.json post /v3/webhooks/endpoints openapi: 3.1.0 info: title: HeyGen External API version: 1.0.0 description: >- HeyGen's external API for programmatic AI video creation. See https://docs.heygen.com for full documentation. contact: name: HeyGen Product Infra url: https://heygen.com servers: - url: https://api.heygen.com description: Production security: - ApiKeyAuth: [] - BearerAuth: [] tags: - name: Video Agent description: Create videos from text prompts using AI - name: Videos description: Create, list, retrieve, and delete videos - name: Voices description: Text-to-speech and voice management - name: Audio description: Search the background-music and sound-effects catalog - name: Video Translate description: Translate videos into other languages - name: User description: Account information and billing - name: Avatars description: List and manage avatars and looks - name: Assets description: Upload files for use in video creation - name: Webhooks description: Manage webhook endpoints and events - name: Lipsync description: Dub or replace audio on existing videos - name: Brand description: >- Brand-related resources — brand kits (colors, fonts, logos) and brand glossaries (custom term translations) paths: /v3/webhooks/endpoints: post: tags: - Webhooks summary: Create Webhook Endpoint description: >- Registers an HTTPS URL to receive webhook event notifications. Returns the endpoint details and a signing secret. The signing secret is only shown at creation and rotation — store it securely. operationId: createWebhookEndpoint parameters: - $ref: '#/components/parameters/IdempotencyKey' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CreateWebhookEndpointRequest' responses: '200': description: Successful response content: application/json: schema: type: object properties: data: $ref: '#/components/schemas/WebhookEndpointResponse' '400': description: Invalid request parameters content: application/json: schema: type: object properties: error: $ref: '#/components/schemas/StandardAPIError' example: error: code: invalid_parameter message: '''url'' must be a publicly accessible HTTPS URL.' param: url doc_url: null '401': description: Authentication failed content: application/json: schema: type: object properties: error: $ref: '#/components/schemas/StandardAPIError' example: error: code: authentication_failed message: Invalid or expired API key. Verify your x-api-key header. param: null doc_url: null '409': description: >- Conflict — either the request conflicts with existing state, or a prior request with this `Idempotency-Key` is still in progress (`request_in_progress`). content: application/json: schema: type: object properties: error: $ref: '#/components/schemas/StandardAPIError' examples: conflict: summary: Resource conflict value: error: code: conflict message: >- A webhook endpoint with this URL already exists for this account. param: null doc_url: null request_in_progress: summary: Concurrent retry with same Idempotency-Key value: error: code: request_in_progress message: >- A request with this Idempotency-Key is already in progress. Retry shortly. param: null doc_url: null '429': description: Rate limit exceeded content: application/json: schema: type: object properties: error: $ref: '#/components/schemas/StandardAPIError' example: error: code: rate_limit_exceeded message: >- Too many requests. Retry after the duration specified in the Retry-After header. param: null doc_url: null headers: Retry-After: description: Seconds to wait before retrying schema: type: integer security: - ApiKeyAuth: [] - BearerAuth: [] components: parameters: IdempotencyKey: name: Idempotency-Key in: header required: false description: >- Optional client-supplied key for safely retrying mutations. Subsequent calls within 24 hours that share this key replay the original response — even if the request body differs slightly (a warning is logged). A retry that arrives while the original is still in flight gets a 409 `request_in_progress`. Keys must be 1–255 characters from `[A-Za-z0-9_:.-]`; a UUID is a safe default. Scope is per-endpoint and per-resource: the same key on a different route or path parameter is independent. schema: type: string pattern: ^[A-Za-z0-9_\-:.]{1,255}$ maxLength: 255 minLength: 1 example: 550e8400-e29b-41d4-a716-446655440000 schemas: CreateWebhookEndpointRequest: additionalProperties: false description: Request body for POST /v3/webhooks/endpoints. properties: url: description: >- Publicly accessible HTTPS URL that will receive webhook POST requests. title: Url type: string events: anyOf: - items: $ref: '#/components/schemas/WebhookEventType' type: array - type: 'null' default: null description: >- Event types to subscribe to. Omit or set to null to receive all events. title: Events entity_id: anyOf: - type: string - type: 'null' default: null description: >- Optional entity ID to scope this endpoint to a specific resource (e.g. a personalized video project). title: Entity Id required: - url title: CreateWebhookEndpointRequest type: object WebhookEndpointResponse: description: A registered webhook endpoint. properties: endpoint_id: description: Unique identifier for this webhook endpoint. examples: - ep_abc123def456 title: Endpoint Id type: string url: description: The URL that receives webhook POST requests. examples: - https://example.com/webhook title: Url type: string events: anyOf: - items: type: string type: array - type: 'null' default: null description: Event types this endpoint subscribes to. Null means all events. examples: - - avatar_video.success - avatar_video.fail title: Events status: description: 'Endpoint status: ''enabled'' or ''disabled''.' examples: - enabled title: Status type: string created_at: description: ISO 8601 timestamp when the endpoint was created. examples: - '2024-04-01T12:00:00Z' title: Created At type: string secret: anyOf: - type: string - type: 'null' default: null description: >- The signing secret for verifying webhook payloads. Only returned on create and rotate-secret. examples: - whsec_abc123def456 title: Secret required: - endpoint_id - url - status - created_at title: WebhookEndpointResponse type: object StandardAPIError: type: object properties: code: type: string description: Machine-readable error code example: invalid_parameter message: type: string description: Human-readable error message example: Video not found param: type: - string - 'null' description: Which request field caused the error doc_url: type: - string - 'null' description: Link to error documentation required: - code - message WebhookEventType: enum: - avatar_video.success - avatar_video.fail - avatar_video_gif.success - avatar_video_gif.fail - video_translate.success - video_translate.fail - personalized_video - instant_avatar.success - instant_avatar.fail - photo_avatar_generation.success - photo_avatar_generation.fail - photo_avatar_train.success - photo_avatar_train.fail - photo_avatar_add_motion.success - photo_avatar_add_motion.fail - proofread_creation.success - proofread_creation.fail - live_avatar.success - live_avatar.fail - avatar_video_caption.success - avatar_video_caption.fail - video_agent.success - video_agent.fail - hyperframes_video.success - hyperframes_video.fail title: WebhookEventType type: string securitySchemes: ApiKeyAuth: type: apiKey in: header name: x-api-key description: HeyGen API key. Obtain from your HeyGen dashboard. BearerAuth: type: http scheme: bearer description: OAuth2 bearer token. ````