The Webhooks API allows you to subscribe to events happening in iTwin Platform.

### Supported event sources

- iModels events


webhooks

webhooks-v2

---

Returns a list of user's owned webhooks of any event source.

### Authentication

Requires `Authorization` header with valid Bearer token for scope `webhooks:read`.

For more documentation on authorization and how to get access token visit [OAUTH2 Authorization](https://developer.bentley.com/apis/overview/authorization/) page.

---


get-webhooks

OAuth access token with scope `webhooks:read`

Authorization

Setting to `application/vnd.bentley.itwin-platform.v1+json` is recommended.

Accept

default

This response indicates that request lacks valid authentication credentials. Access token might not been provided, issued by the wrong issuer, does not have required scopes or request headers were malformed.

HeaderNotFound

application/json;InvalidAuthorizationScheme

InvalidAuthorizationScheme

InvalidHeaderValue

RequiredScopeMissing

Unauthorized

This response indicates that the user has sent too many requests in a given amount of time.

The number of requests exceeds the rate-limit for the client subscription.

retry-after

Common property representation of a webhook.

webhook

Globally unique identifier of the webhook.

string

eventSource

An indicator showing webhook activity. If true, webhook is actively forwarding the events. If false, webhook events are stopped.

isActive

boolean

A value that indicates if webhook callback ownership is validated.

isValidated

callbackUrl

expirationDateTime

Webhook

Error

One of a server-defined set of error codes.

code

A human-readable representation of the error.

message

target

Gives details for an error that occurred while handling the request. Note that clients MUST NOT assume that every failed request will produce an object of this schema, or that all of the properties in the response will be non-null, as the error may have prevented this response from being constructed.

ErrorResponse

error

Error Response

---

This operation can be used to activate a deactivated webhook. Deactivated webhooks do not forward any events to the callback, activating enables this feature back again.

### Authentication

Requires `Authorization` header with valid Bearer token for scope `webhooks:modify`.

For more documentation on authorization and how to get access token visit [OAUTH2 Authorization](https://developer.bentley.com/apis/overview/authorization/) page.

---


activate-webhook

OAuth access token with scope `webhooks:modify`

The request has been accepted for processing.

User is not authorized to activate a webhook.

The 422 (Unprocessable Entity) status code indicates that the request cannot be processed by the server due to a client error (e.g. malformed request syntax).

---

### Event Types

Currently supported webhook event types:
- iModelDeletedEvent
- NamedVersionCreatedEvent
- ChangeSetPushedEvent
- ChangesetGroupCompletedEvent
- ChangesReadyEvent

### Security

On webhook creation, webhook secret is being generated. Before forwarding an event to client, secret is used together with whole event body to generate `HMAC-SHA256` signature which is included in `Signature` request header. Before doing anything with the received event client SHOULD use its own secret copy together with the event body and generate another signature on their end to validate the event source. If both signatures are the same, event SHOULD be accepted as valid one and ignored otherwise.

### Expiration

When creating a webhook expiration date time CAN be specified after which the webhook will become deactivated. If expiration time is not specified, webhook expires automatically after 30 days.

### Notes

Webhook deletion is not persisted after iModel deletion. When deleting an iModel make sure to delete related webhooks as well.

### Authentication

Requires `Authorization` header with valid Bearer token for scope `webhooks:modify`.

For more documentation on authorization and how to get access token visit [OAUTH2 Authorization](https://developer.bentley.com/apis/overview/authorization/) page.

---


create-imodels-webhook

Location

---

This operation can be used to deactivate a webhook. Deactivated webhooks do not forward any events to the callback. Deactivated webhooks are not deleted and can be activated again.

### Authentication

Requires `Authorization` header with valid Bearer token for scope `webhooks:modify`.

For more documentation on authorization and how to get access token visit [OAUTH2 Authorization](https://developer.bentley.com/apis/overview/authorization/) page.

---


deactivate-webhook

User is not authorized to deactivate a webhook.

---

Deleted webhooks can not be restored and have to be created again. If you want to temporary stop receiving events consider deactivating a webhook instead.

### Authentication

Requires `Authorization` header with valid Bearer token for scope `webhooks:modify`.

For more documentation on authorization and how to get access token visit [OAUTH2 Authorization](https://developer.bentley.com/apis/overview/authorization/) page.

---


delete-webhook

User is not authorized to delete a webhook.

---

Returns a detailed response of a webhook.

### Authentication

Requires `Authorization` header with valid Bearer token for scope `webhooks:read`.

For more documentation on authorization and how to get access token visit [OAUTH2 Authorization](https://developer.bentley.com/apis/overview/authorization/) page.

---


get-webhook

---

This operation can be used to manually confirm webhook callback ownership if a client application does not support required handshake. Fully constructed URL with required query parameters values for this operation can be found within automatic validation request header `WebHook-Request-Callback` that is sent to specified callback URL after webhook is created. If webhook callback ownership was confirmed automatically, this operation should not be used anymore.

### Authentication

Requires `Authorization` header with valid Bearer token for scope `webhooks:modify`.

For more documentation on authorization and how to get access token visit [OAUTH2 Authorization](https://developer.bentley.com/apis/overview/authorization/) page.

---


confirm-webhook-callback-ownership

Webhook callback ownership was confirmed.

Get a list of user webhooks - Webhooks | iTwin Platform

This tutorial will teach you how to use Webhooks API V1 to subscribe to iModel events and introduce basic event handling workflows.

Create and react to iModel events using Webhooks API V1

This tutorial will teach you how to use Webhooks API V2 to subscribe to events and introduce basic event handling workflows.

Authentication

Request

Request headers

Response

Response 200 OK

Response 401 Unauthorized

Response 429 Too many requests

Definitions

Webhook

Error

Error Response