Skip to main content
POST
/
v1
/
webhooks
curl --request POST \
  --url https://api.anchorbrowser.io/v1/webhooks \
  --header 'Content-Type: application/json' \
  --header 'anchor-api-key: <api-key>' \
  --data '
{
  "url": "https://your-app.example.com/anchor/webhooks",
  "subscribed_events": [
    "task.completed",
    "task.failed",
    "task.healed"
  ]
}
'
{
  "id": "wh_01HXJ4MZ7K9P3Q6R8S2T4V5W7Y",
  "project_id": "5d2c31f6-ab7e-481a-b6fd-8b4a96a4e197",
  "url": "https://your-app.example.com/anchor/webhooks",
  "description": "Production task notifications",
  "subscribed_events": [],
  "enabled": true,
  "created_at": "2023-11-07T05:31:56Z",
  "updated_at": "2023-11-07T05:31:56Z",
  "secret": "36da51b166a69268a59a8d5ee0b32c9f5e5aaee7d301c7a5a36844318e116fc6"
}

Authorizations

anchor-api-key
string
header
required

API key passed in the header

Body

application/json
url
string<uri>
required

HTTPS endpoint Anchor will POST events to. Rejected (400) if it points at loopback / private / link-local IPs, cloud metadata services, internal-only TLDs, AWS STS / IAM / EKS endpoints, or contains basic-auth credentials.

Required string length: 1 - 2048
Example:

"https://your-app.example.com/anchor/webhooks"

subscribed_events
enum<string>[]
required

Events this webhook should receive. At least one is required.

Minimum array length: 1

Catalog of webhook event types Anchor can deliver. Adding a new event type is a coordinated change between session-manager (publisher), webhook-dispatcher (consumer), and the dashboard.

Available options:
task.completed,
task.failed,
task.cancelled,
task.healed,
session.completed,
session.failed,
session.recording.ready,
batch.completed,
batch.failed,
intervention.requested,
intervention.resolved,
identity.authenticated,
identity.authentication_failed
description
string

Optional human-readable description.

Maximum string length: 256
Example:

"Production task notifications"

Response

Webhook created. The secret field is returned ONCE — copy it now.

Same shape as WebhookPublic plus the freshly minted signing secret. Returned ONLY by create and rotate-secret. Store it the first time — Anchor never returns it again. If lost, rotate to mint a new one.

id
string
required

Webhook id. Use as the path parameter on subsequent calls.

Example:

"wh_01HXJ4MZ7K9P3Q6R8S2T4V5W7Y"

project_id
string<uuid>
required

The project (team) the webhook belongs to.

Example:

"5d2c31f6-ab7e-481a-b6fd-8b4a96a4e197"

url
string<uri>
required

HTTPS URL Anchor will POST events to.

Example:

"https://your-app.example.com/anchor/webhooks"

description
string | null
required

Optional human-readable description.

Maximum string length: 256
Example:

"Production task notifications"

subscribed_events
enum<string>[]
required

Event types this webhook is currently subscribed to.

Catalog of webhook event types Anchor can deliver. Adding a new event type is a coordinated change between session-manager (publisher), webhook-dispatcher (consumer), and the dashboard.

Available options:
task.completed,
task.failed,
task.cancelled,
task.healed,
session.completed,
session.failed,
session.recording.ready,
batch.completed,
batch.failed,
intervention.requested,
intervention.resolved,
identity.authenticated,
identity.authentication_failed
enabled
boolean
required

When false, no events fan out to this webhook.

Example:

true

created_at
string<date-time> | null
required
updated_at
string<date-time> | null
required
secret
string
required

HMAC-SHA256 signing secret. Use this to verify the Anchor-Signature header on each delivery.

Example:

"36da51b166a69268a59a8d5ee0b32c9f5e5aaee7d301c7a5a36844318e116fc6"