This guide explains how to manage your webhook endpoints through the Tonder API. You’ll learn to create, update, and manage webhook endpoints to receive real-time notifications.
Security RequirementsFollow these essential security practices when setting up webhook endpoints:
  • Always use a secure (HTTPS) URL for your webhook endpoint.
  • Use an authentication method (BEARER, API_TOKEN, or BASIC_AUTH) to verify requests come from Tonder.
  • Validate the event structure and content before processing.

Setting up Webhook Endpoints

The webhook management process involves creating and configuring your endpoints through the API.

Step 1: Create a webhook endpoint

First, you need to register your webhook endpoint with Tonder. Register a new URL to receive webhook notifications using the /webhooks/ endpoint. You can configure authentication to secure your endpoint: 
curl -X POST https://stage.tonder.io/api/v1/webhooks/ \
  -H "Authorization: Token YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-site.com/webhook-handler",
    "auth_method": "BEARER",
    "credentials": {
      "token": "a-secure-bearer-token-you-generate"
    }
  }'
You should receive a response confirming the webhook endpoint was created:
FieldTypeDescription
idintegerUnique identifier for this webhook endpoint
urlstringThe webhook URL you registered
statusstringCurrent status of the webhook (active, inactive)
auth_methodstringAuthentication method configured (BEARER, API_TOKEN, BASIC_AUTH)
credentialsobjectAuthentication credentials associated with this webhook
The response is as follows: 
{
  "id": 123,
  "url": "https://your-site.com/webhook-handler",
  "status": "active",
  "auth_method": "BEARER",
  "credentials": {
    "token": "a-secure-bearer-token-you-generate"
  }
}
Make sure to save the webhook id for future management operations.

Step 2: Manage existing webhooks

After creating webhooks, you can update, delete, or list them as needed. Once you have created webhooks, you can manage them using these /webhooks/ API endpoints:
OperationMethodEndpointPurpose
List WebhooksGET/webhooks/Retrieves all webhook endpoints configured for your business
Update WebhookPUT/webhooks/{webhook_id}/Updates the configuration of an existing webhook endpoint
Delete WebhookDELETE/webhooks/{webhook_id}/Removes a webhook endpoint (it will no longer receive notifications)
Here are examples of each management operation: 
curl -X GET https://stage.tonder.io/api/v1/webhooks/ \
  -H "Authorization: Token YOUR_API_KEY"

Troubleshooting

Here are some common setup issues and how to resolve them:
When webhook creation fails due to authentication problems:
  • Check: Verify your API credentials are correct and have proper permissions.
  • Solution: Ensure your endpoint validates the configured authentication method properly.
  • Prevention: Test authentication locally before setting up the webhook.
When your webhook endpoint is created successfully but doesn’t receive events:
  • Check: Verify your endpoint is publicly accessible via HTTPS and responds quickly.
  • Solution: Ensure your endpoint returns a 2xx status code within 30 seconds.
  • Prevention: Test your endpoint URL with tools like curl before registering it.

Next Steps

After setting up webhooks: