> ## Documentation Index
> Fetch the complete documentation index at: https://docs.usenexio.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List Webhook Endpoints

> List all webhook endpoints configured for your organization.



## OpenAPI

````yaml GET /api/v1/webhooks
openapi: 3.1.0
info:
  title: Nexio API
  version: '1.0'
  description: |
    Nexio agentic infrastructure API. Configure engines for placement,
    entity analysis, and other patterns. Submit runs, poll for results,
    or subscribe to signed webhook callbacks.
  contact:
    email: support@usenexio.com
    url: https://docs.usenexio.com
servers:
  - url: https://api.usenexio.com
    description: Production
security:
  - BearerAuth: []
tags:
  - name: EngineManagement
    description: Create, configure, and manage inference engines.
  - name: Engines
    description: Engine-scoped endpoints for submitting runs and retrieving results.
  - name: Runs
    description: Retrieve and reconcile submitted runs.
  - name: Catalog
    description: >-
      Read current carriers and products extracted for the authenticated
      organization.
  - name: Environments
    description: Isolated tenancy scopes under your org (one live plus non-live sandboxes).
  - name: Webhooks
    description: Manage webhook endpoints for push-based delivery of terminal run events.
paths:
  /api/v1/webhooks:
    get:
      tags:
        - Webhooks
      summary: List Webhook Endpoints
      description: |
        Returns all webhook endpoints for the authenticated organization and
        environment. Secrets are never returned on list responses.
      operationId: listWebhooks
      responses:
        '200':
          description: List of webhook endpoints.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListWebhooksResponse'
              example:
                endpoints:
                  - id: 550e8400-e29b-41d4-a716-446655440000
                    url: https://api.example.com/nexio/webhooks
                    environment: live
                    events:
                      - run.completed
                      - run.failed
                    description: Production callback
                    active: true
                    auth_token_configured: true
                    webhook_version: '2026-03-22'
                    created_at: '2026-03-22T12:00:00Z'
                    updated_at: '2026-03-22T12:00:00Z'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '429':
          $ref: '#/components/responses/RateLimited'
        '503':
          $ref: '#/components/responses/AuthUnavailable'
components:
  schemas:
    ListWebhooksResponse:
      type: object
      required:
        - endpoints
      properties:
        endpoints:
          type: array
          items:
            $ref: '#/components/schemas/WebhookEndpoint'
    WebhookEndpoint:
      type: object
      required:
        - id
        - url
        - environment
        - events
        - active
        - auth_token_configured
        - webhook_version
        - created_at
      properties:
        id:
          type: string
          format: uuid
          description: Endpoint identifier.
        url:
          type: string
          format: uri
          description: Delivery target URL.
        environment:
          type: string
          enum:
            - test
            - live
          description: Environment this endpoint receives events from.
        events:
          type: array
          items:
            type: string
            enum:
              - run.completed
              - run.failed
              - run.superseded
          description: Subscribed event types.
        description:
          type: string
          description: Human-readable description.
        active:
          type: boolean
          description: Whether the endpoint is active.
        auth_token_configured:
          type: boolean
          description: Whether an auth token is set (the token value is never returned).
        webhook_version:
          type: string
          description: Payload version string (e.g. `2026-03-22`).
        payload_mode:
          type: string
          enum:
            - full
            - thin
          description: >-
            Delivery body shape. `full` (default) carries the complete run;
            `thin` carries only run identifiers and terminal status.
        previous_secret_expires_at:
          type: string
          format: date-time
          description: Exact instant when the previous secret stops being valid.
        deactivated_at:
          type: string
          format: date-time
          description: >-
            Present only while the system has deactivated the endpoint after a
            consecutive dead-letter streak. Cleared on re-enable.
        deactivated_by:
          type: string
          description: >-
            Actor that deactivated the endpoint (`system` for the automatic
            dead-letter streak deactivation). Present only while deactivated.
        deactivated_reason:
          type: string
          description: >-
            Why the endpoint was deactivated, including the triggering delivery
            ID. Present only while deactivated.
        created_at:
          type: string
          format: date-time
          description: RFC 3339 creation timestamp.
        updated_at:
          type: string
          format: date-time
          description: RFC 3339 last-update timestamp.
    Error:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: |
            Stable snake_case error identifier. Safe to match programmatically.

            Known codes: `invalid_request`, `invalid_input`, `unauthorized`,
            `auth_unavailable`, `rate_limited`, `missing_run_id`,
            `invalid_run_id`, `run_not_found`, `invalid_offerings`,
            `missing_input`, `queue_unreachable`,
            `engine_not_found`, `engine_slug_conflict`, `engine_archived`,
            `invalid_engine_type`, `validation_error`,
            `webhook_not_found`, `webhook_limit_exceeded`, `invalid_url`,
            `invalid_events`, `invalid_description`, `invalid_auth_token`,
            `missing_endpoint_id`, `invalid_endpoint_id`, `missing_delivery_id`,
            `invalid_delivery_id`, `delivery_not_found`,
            `delivery_not_resendable`, `insufficient_capability`,
            `engine_version_required`, `engine_version_exact_required`,
            `engine_version_not_found`, `engine_version_invalid_format`,
            `engine_version_draft_requires_sandbox_key`,
            `engine_version_none_released`, `test_scenario_sandbox_only`,
            `test_scenario_forbidden`, `test_scenario_exact_version_required`,
            `test_scenario_version_not_supported`, `invalid_test_scenario`,
            `request_bound_exceeded`, and `run_cap_exceeded`.
        message:
          type: string
          description: Human-readable error message. May change between versions.
        details:
          description: |
            Optional request-specific details. Request-bound failures use the
            `RequestBoundDetails` object. Validation failures may use an array
            of field issues or another documented object.
  responses:
    Unauthorized:
      description: Missing or invalid API key.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: unauthorized
            message: Missing or invalid API key
    RateLimited:
      description: Rate limit exceeded. Retry after the window resets.
      headers:
        Retry-After:
          description: Seconds until the rate limit window resets.
          schema:
            type: integer
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: rate_limited
            message: Rate limit exceeded
    AuthUnavailable:
      description: API key authentication is temporarily unavailable.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            code: auth_unavailable
            message: API key authentication is temporarily unavailable
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      description: |
        Send the credential as `Authorization: Bearer <key>`.

        Scoped partner credentials use the exclusive `nxsk_v1_...` namespace.
        Each scoped key is bound at issuance to one organization, one canonical
        named environment, an explicit engine set, and a least-privilege
        capability set. A malformed, unknown, rotated, or revoked `nxsk_` key
        fails closed and is never retried as a legacy key.

        Capabilities used by this API are `runs:write`, `runs:read`,
        `engines:read`, `catalog:read`, `webhooks:manage`,
        `runs:defensibility:read`, `runs:test`, and `converse:use`. Operation
        descriptions name the required capability.
        Grandfathered `nx_live_...` and `nx_test_...` keys retain their existing
        broad access during the compatibility window.

````