Update webhook - Hub Message

curl --request PATCH \
  --url https://api.hubmessage.io/v1/channels/{channelId}/webhooks/{webhookId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "status": "DISABLED"
}
'

{
  "id": "A1B2C3D4E5F6789012345678901234AB",
  "instanceId": "019E4C54B1B375A28970B605CA9B03C3",
  "url": "https://app.yourcompany.com/webhooks/hubmessage",
  "description": "Main production webhook",
  "events": [
    "MESSAGE_RECEIVED",
    "MESSAGE_STATUS"
  ],
  "status": "ENABLED",
  "signing": true,
  "secret": "d4e5f6789012345678901234abcdef0123456789abcdef0123456789ab12c3d4",
  "auth": {
    "type": "BEARER",
    "configured": true
  },
  "payloadFormat": "DEFAULT",
  "customAttributes": {},
  "createdAt": "2025-01-15T10:30:00.000+0000",
  "updatedAt": "2025-01-20T14:00:00.000+0000"
}

PATCH

channels

{channelId}

webhooks

{webhookId}

curl --request PATCH \
  --url https://api.hubmessage.io/v1/channels/{channelId}/webhooks/{webhookId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "status": "DISABLED"
}
'

{
  "id": "A1B2C3D4E5F6789012345678901234AB",
  "instanceId": "019E4C54B1B375A28970B605CA9B03C3",
  "url": "https://app.yourcompany.com/webhooks/hubmessage",
  "description": "Main production webhook",
  "events": [
    "MESSAGE_RECEIVED",
    "MESSAGE_STATUS"
  ],
  "status": "ENABLED",
  "signing": true,
  "secret": "d4e5f6789012345678901234abcdef0123456789abcdef0123456789ab12c3d4",
  "auth": {
    "type": "BEARER",
    "configured": true
  },
  "payloadFormat": "DEFAULT",
  "customAttributes": {},
  "createdAt": "2025-01-15T10:30:00.000+0000",
  "updatedAt": "2025-01-20T14:00:00.000+0000"
}

Overview

Partially updates a webhook’s configuration. Only the fields sent in the body are updated — the rest remain unchanged.

Updating events

When sending the events field, the list replaces all existing events:

{ "events": ["MESSAGE_RECEIVED", "MESSAGE_STATUS", "CONNECTED"] }

Enabling or rotating HMAC signing

If you send signing: true, a new secret is generated and returned in this response. Use this also to rotate the secret without recreating the webhook.

{ "signing": true }

The new secret is returned only in this response. Store it before closing the session.

Temporarily disabling

{ "status": "DISABLED" }

The webhook stops receiving events while DISABLED. To reactivate:

{ "status": "ENABLED" }

This endpoint requires the ENTERPRISE role on your account.

The webhookId is obtained from the Create webhook or List webhooks endpoint.

Authorizations

Authorization

string

header

required

Secret Key generated in the Hub Message Security panel

Path Parameters

channelId

string

required

Channel ID

Example:

"019E4C54B1B375A28970B605CA9B03C3"

webhookId

string

required

Webhook ID

Example:

"A1B2C3D4E5F6789012345678901234AB"

Body

application/json

All fields are optional — only the fields sent are updated.

url

string

New destination URL

Example:

"https://new-url.yourcompany.com/webhooks/hubmessage"

description

string

New description

events

enum<string>[]

New event list — replaces all existing events

Available options:

MESSAGE_RECEIVED,

MESSAGE_DELIVERY,

MESSAGE_STATUS,

RECEIVED_STATUS,

RECEIVED_AND_DELIVERY,

CONNECTED,

DISCONNECTED,

PRESENCE_CHAT,

INITIAL_DATA,

BLOCK

status

enum<string>

DISABLED pauses event delivery without deleting the webhook

Available options:

ENABLED,

DISABLED

signing

boolean

Enables or rotates the HMAC signature. Generates a new secret returned in the response.

auth

object

Configures how Hub Message authenticates when calling your URL

Show child attributes

payloadFormat

enum<string>

Available options:

DEFAULT,

Z_API

customAttributes

object

Response

Webhook updated successfully. The secret field is returned only when signing was enabled in this update.

string

Unique webhook ID

Example:

"A1B2C3D4E5F6789012345678901234AB"

instanceId

string

ID of the channel this webhook belongs to

Example:

"019E4C54B1B375A28970B605CA9B03C3"

url

string

Event destination URL

Example:

"https://app.yourcompany.com/webhooks/hubmessage"

description

string | null

Webhook description

Example:

"Main production webhook"

events

string[]

Configured event types

Example:

["MESSAGE_RECEIVED", "MESSAGE_STATUS"]

status

enum<string>

Current webhook status

Available options:

ENABLED,

DISABLED

Example:

"ENABLED"

signing

boolean

Indicates whether HMAC signing is enabled

Example:

true

auth

object

Summary of configured authentication — credentials are not returned for security

Show child attributes

payloadFormat

enum<string>

Delivered payload format

Available options:

DEFAULT,

Z_API

Example:

"DEFAULT"

customAttributes

object

Configured extra attributes

Example:

{}

createdAt

string<date-time>

Creation date

Example:

"2025-01-15T10:30:00.000+0000"

updatedAt

string<date-time>

Last update date

Example:

"2025-01-15T10:30:00.000+0000"

secret

string

64-character hex HMAC secret — returned only when signing is enabled on create or update. Store it securely; it cannot be retrieved later.

Example:

"a3f1c2d4e5b6789012345678901234abcdef0123456789abcdef0123456789ab"

Get webhook Delete webhook

​Overview

​Updating events

​Enabling or rotating HMAC signing

​Temporarily disabling

Authorizations

Path Parameters

Body

Response

Overview

Updating events

Enabling or rotating HMAC signing

Temporarily disabling