Authentication
Send Authorization: Bearer maildns_live_.... Browser sessions never grant API v1 access, and write scopes do not imply their read equivalents.
Stable REST contract
Base URL: https://getmaildns.com/api/v1. All business endpoints require a scoped API key; the OpenAPI document is public and cacheable.
Send Authorization: Bearer maildns_live_.... Browser sessions never grant API v1 access, and write scopes do not imply their read equivalents.
Unknown body or query fields are rejected. Timestamps are UTC ISO 8601 values ending in Z; identifiers are UUIDs.
Ordinary requests cost 1 unit, report analytics cost 5, and starting a check costs 25. Read X-Usage-* on every authenticated response. A depleted quota returns 429 api_quota_exceeded with no overage charge.
Lists return data and an opaque nextCursor. Pass the cursor unchanged and never decode or reuse it on a different endpoint.
Every POST, PATCH, and DELETE requires a UUID Idempotency-Key. Reusing it with different input returns 409 idempotency_conflict.
curl --fail-with-body \
-X POST \
-H "Authorization: Bearer $MAILDNS_API_KEY" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: 21f85fa5-a82b-4571-899a-d8c8fc963c2f" \
--data '{"domainId":"f203b128-18f7-4293-99ab-a277934918d8"}' \
"https://getmaildns.com/api/v1/checks"{
"error": {
"code": "invalid_query",
"message": "Check the query parameters."
}
}Treat 429 as flow control, honor Retry-After, and add jitter. Creating more API keys does not multiply an organization's allowance.
1 operation
/organizationReturns the organization identity, current plan, and effective entitlements for the authenticated API key.
organization:read200Organization identity, plan, and effective entitlements.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped organization does not exist or is not visible.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached.9 operations
/domainsLists tenant-scoped domains with opaque cursor pagination and optional status or monitoring filters.
domains:readlimit query, optionalNumber of items to return.cursor query, optionalOpaque cursor from the previous page.status query, optionalFilter by lifecycle status.monitoringEnabled query, optionalFilter by whether monitoring is enabled.200A tenant-scoped domain page.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./domainsCreates a pending domain and reveals its DNS challenge and report address exactly once.
domains:writeIdempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.Strict domain creation input. Unknown fields are rejected. Content type: application/json.
{
"domain": "example.com"
}201Pending domain, one-time report address, and DNS ownership challenge.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.402The plan's monitored-domain entitlement was reached.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./domains/{domainId}Returns one tenant-scoped domain, including monitoring settings, schedules, and safe report-address hints.
domains:readdomainId path, requiredUUID of the tenant-scoped domain.200Domain settings, schedules, and safe report-address hints.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped domain does not exist or is not visible.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./domains/{domainId}Changes monitoring or retention settings while enforcing the organization's current entitlements.
domains:writedomainId path, requiredUUID of the tenant-scoped domain.Idempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.At least one domain setting. Unknown fields are rejected. Content type: application/json.
{
"monitoringEnabled": true,
"retentionDays": 30
}200Updated domain settings and current alert-delivery readiness. Monitoring is not blocked when delivery setup is incomplete.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.402The requested setting exceeds the current plan entitlement.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped domain does not exist or is not visible.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./domains/{domainId}Archives a domain and disables all of its monitoring schedules without destroying historical evidence.
domains:writedomainId path, requiredUUID of the tenant-scoped domain.Idempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.200Archive confirmation. Historical retained evidence is not destroyed.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped domain does not exist or is not visible.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./domains/{domainId}/verifyChecks the DNS ownership challenge and returns retry guidance while the TXT record is not visible.
domains:writedomainId path, requiredUUID of the tenant-scoped domain.Idempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.200Verification succeeded.202The TXT challenge is not visible yet. Retry after the indicated delay.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped pending verification does not exist or is not visible.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.410The current verification challenge expired.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./domains/{domainId}/verificationExpires the previous challenge and reveals a replacement for a domain that is still pending.
domains:writedomainId path, requiredUUID of the tenant-scoped domain.Idempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.201Replacement DNS ownership challenge.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped domain does not exist or is not visible.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./domains/{domainId}/report-address/rotateActivates a new aggregate-report address and keeps the previous address in its documented grace period.
domains:writedomainId path, requiredUUID of the tenant-scoped domain.Idempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.200Replacement report address and grace-period metadata.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped domain does not exist or is not visible.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./domains/{domainId}/report-address/{addressId}/revokeUrgently revokes a previous report address after an explicit hint confirmation; buffered delivery may be lost.
domains:writedomainId path, requiredUUID of the tenant-scoped domain.addressId path, requiredUUID of the tenant-scoped previous report address.Idempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.Strong confirmation and audited reason. Unknown fields are rejected. Content type: application/json.
{
"confirmation": "REVOKE a1b2c3d4e5f6",
"reason": "Address exposed in a public repository"
}200Revoked previous report address.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped previous report address does not exist or is not visible.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.410The previous report address already expired.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached.5 operations
/checksLists check runs by domain, protocol, status, and a bounded UTC time range.
checks:readlimit query, optionalNumber of items to return.cursor query, optionalOpaque cursor from the previous page.domainId query, optionalFilter by domain UUID.protocol query, optionalFilter by protocol.status query, optionalFilter by check state.from query, optionalInclusive UTC queuedAt lower bound. Must be supplied with to.to query, optionalExclusive UTC queuedAt upper bound. Must be supplied with from; maximum range is 366 days.200A retained check-run page.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./checksQueues every enabled protocol for one verified domain while preserving plan cooldowns and durable scheduling.
checks:runIdempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.Verified domain to check. Unknown fields are rejected. Content type: application/json.
{
"domainId": "f203b128-18f7-4293-99ab-a277934918d8"
}202Enabled protocols were queued, or an equivalent run was already queued.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped domain does not exist or is not visible.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./checks/{checkRunId}Returns one check run with its findings and bounded protocol observations.
checks:readcheckRunId path, requiredUUID of the tenant-scoped check run.200Check run with bounded findings and protocol observations.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped check run does not exist or is not visible.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./findingsLists evidence-backed findings by domain, check run, outcome, or severity.
checks:readlimit query, optionalNumber of items to return.cursor query, optionalOpaque cursor from the previous page.domainId query, optionalFilter by domain UUID.checkRunId query, optionalFilter by check-run UUID.outcome query, optionalFilter by finding outcome.severity query, optionalFilter by finding severity.200A retained finding page.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./findings/{findingId}Returns one finding with its observation, protocol rule, impact, and remediation guidance.
checks:readfindingId path, requiredUUID of the tenant-scoped finding.200Finding evidence and remediation guidance.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped finding does not exist or is not visible.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached.3 operations
/incidentsLists incidents with tenant-safe domain, status, and severity filters and opaque cursor pagination.
incidents:readlimit query, optionalNumber of items to return.cursor query, optionalOpaque cursor from the previous page.domainId query, optionalFilter by domain UUID.severity query, optionalFilter by current severity.status query, optionalFilter by incident state.200A tenant-scoped incident page.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./incidents/{incidentId}Returns an incident, its event history, and the latest evidence-backed finding.
incidents:readincidentId path, requiredUUID of the tenant-scoped incident.200Incident, bounded event history, and latest finding.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped incident does not exist or is not visible.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./incidents/{incidentId}Acknowledges, annotates, snoozes, resolves, or reopens an incident with transition validation.
incidents:writeincidentId path, requiredUUID of the tenant-scoped incident.Idempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.Strict incident transition input. Unknown fields are rejected. Content type: application/json.
{
"action": "acknowledge",
"note": "Investigating DNS provider change"
}200Updated incident state.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped incident does not exist or is not visible.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached.6 operations
/reports/dmarcReturns bounded DMARC summary or record analytics as JSON, or formula-safe detailed CSV.
reports:readfrom query, requiredInclusive UTC periodStart lower bound.to query, requiredExclusive UTC periodStart upper bound; maximum range is 366 days.domain query, optionalFilter by normalized domain name.domainId query, optionalFilter by domain UUID; mutually exclusive with domain.view query, optionalSummary or detailed rows.format query, optionalJSON, or CSV for a detailed view only.limit query, optionalDetailed JSON rows per page.cursor query, optionalOpaque cursor for a detailed JSON view.topLimit query, optionalRows in each summary ranking.exportLimit query, optionalMaximum detailed CSV rows.200Analytics in the selected JSON or CSV representation.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./reports/tlsReturns bounded TLS-RPT summary or failure analytics as JSON, or formula-safe detailed CSV.
reports:readfrom query, requiredInclusive UTC periodStart lower bound.to query, requiredExclusive UTC periodStart upper bound; maximum range is 366 days.domain query, optionalFilter by normalized domain name.domainId query, optionalFilter by domain UUID; mutually exclusive with domain.view query, optionalSummary or detailed rows.format query, optionalJSON, or CSV for a detailed view only.limit query, optionalDetailed JSON rows per page.cursor query, optionalOpaque cursor for a detailed JSON view.topLimit query, optionalRows in each summary ranking.exportLimit query, optionalMaximum detailed CSV rows.200Analytics in the selected JSON or CSV representation.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./sending-sourcesLists tenant-scoped sending sources with review state, active DMARC evidence metrics, bounded ranges, filters, and opaque cursor pagination.
reports:readlimit query, optionalNumber of items to return.cursor query, optionalOpaque cursor from the previous page.from query, optionalInclusive periodStart lower bound. Supply it with to; omitted ranges default to the last 30 days.to query, optionalExclusive periodStart upper bound. Supply it with from; maximum range is 366 days.domainId query, optionalFilter by domain UUID.authorization query, optionalFilter by operator review state.health query, optionalFilter by active-evidence alignment health.kind query, optionalFilter by source kind.query query, optionalCase-insensitive search across source, name, provider, and domain.200A tenant-scoped sender inventory page with active-evidence metrics.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.402The requested evidence predates the current plan's history entitlement.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./sending-sources/exportExports the filtered sender inventory as a bounded, formula-safe CSV file.
reports:readfrom query, optionalInclusive periodStart lower bound. Supply it with to; omitted ranges default to the last 30 days.to query, optionalExclusive periodStart upper bound. Supply it with from; maximum range is 366 days.domainId query, optionalFilter by domain UUID.authorization query, optionalFilter by operator review state.health query, optionalFilter by active-evidence alignment health.kind query, optionalFilter by source kind.query query, optionalCase-insensitive search across source, name, provider, and domain.200Filtered sender inventory CSV export.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.402The requested evidence predates the current plan's history entitlement.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./sending-sources/{sourceId}Returns one tenant-scoped sending source with durable evidence, authentication domains, and review history.
reports:readsourceId path, requiredUUID of the tenant-scoped sending source.from query, optionalInclusive periodStart lower bound. Supply it with to; omitted ranges default to the last 30 days.to query, optionalExclusive periodStart upper bound. Supply it with from; maximum range is 366 days.200Sending source, durable evidence, authentication domains, and review history.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.402The requested evidence predates the current plan's history entitlement.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped sending source does not exist or is not visible.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./sending-sources/{sourceId}Reviews authorization and operator metadata with revision-based concurrency and idempotent audit history.
reports:writesourceId path, requiredUUID of the tenant-scoped sending source.from query, optionalInclusive periodStart lower bound. Supply it with to; omitted ranges default to the last 30 days.to query, optionalExclusive periodStart upper bound. Supply it with from; maximum range is 366 days.Idempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.Strict source review input with the revision last read by the client. Unknown fields are rejected. Content type: application/json.
{
"authorization": "authorized",
"expectedRevision": 3,
"name": "Transactional mail",
"provider": "Example ESP"
}200Applied or safely replayed source review.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.402The requested evidence predates the current plan's history entitlement.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped sending source does not exist or is not visible.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached.6 operations
/webhooksLists signed-webhook endpoints without ever exposing their signing secrets.
webhooks:readlimit query, optionalNumber of items to return.cursor query, optionalOpaque cursor from the previous page.enabled query, optionalFilter by enabled state.200A webhook endpoint page with no signing secrets.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./webhooksCreates an entitled HTTPS webhook endpoint and reveals the signing secret exactly once.
webhooks:writeIdempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.Strict signed-webhook endpoint input. Unknown fields are rejected. Content type: application/json.
{
"eventTypes": [
"incident.confirmed",
"incident.recovered"
],
"name": "Incident automation",
"url": "https://hooks.example.com/maildns"
}201Created endpoint, alert channel, and one-time signing secret.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.402Signed webhooks are not included in the current plan.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./webhooks/{endpointId}Returns a webhook endpoint plus its 50 most recent delivery outcomes, without its secret.
webhooks:readendpointId path, requiredUUID of the tenant-scoped webhook endpoint.200Webhook endpoint and its 50 most recent delivery outcomes.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped webhook endpoint does not exist or is not visible.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./webhooks/{endpointId}Changes webhook configuration; changing the destination URL clears its previous verification.
webhooks:writeendpointId path, requiredUUID of the tenant-scoped webhook endpoint.Idempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.At least one webhook change. Unknown fields are rejected. Content type: application/json.
{
"enabled": true,
"name": "Primary incident automation"
}200Updated webhook endpoint.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.402Signed webhooks are not included in the current plan.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped webhook endpoint does not exist or is not visible.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./webhooks/{endpointId}Soft-deletes a webhook endpoint and its corresponding alert channel.
webhooks:writeendpointId path, requiredUUID of the tenant-scoped webhook endpoint.Idempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.200Soft-deletion confirmation.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped webhook endpoint does not exist or is not visible.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached./webhooks/{endpointId}/secret/rotateInvalidates the previous signing secret and reveals its replacement exactly once.
webhooks:writeendpointId path, requiredUUID of the tenant-scoped webhook endpoint.Idempotency-Key header, requiredA fresh UUID for this logical mutation. Reuse it only to retry the exact same operation and normalized body.200Replacement signing secret and invalidation confirmation.400Malformed JSON, a missing Idempotency-Key, or an invalid trusted client-IP header.401The Bearer token is missing, invalid, expired, or revoked.402Signed webhooks are not included in the current plan.403The key lacks the required scope or its CIDR restriction rejects the trusted client IP.404The tenant-scoped webhook endpoint does not exist or is not visible.409The resource state conflicts with the requested mutation, or the Idempotency-Key was reused with different input.413The JSON body exceeds the endpoint's documented byte limit.414The request URL exceeds 8,192 characters.422A path, query, or strict JSON field is invalid.429The organization rate limit, monthly API-unit quota (`api_quota_exceeded`), or an operation cooldown was reached.