vellTRDocs
API ReferenceWebhooksCreate Webhook Endpoint

Create Webhook Endpoint

POST/v1/stores/{storeId}/webhooksCore

Register a webhook endpoint for a store. The signing secret is returned once. Kvell signs every delivery as X-Kvell-Signature: sha256=<hex HMAC-SHA256 over the raw body using this secret>.

Authentication

Signature Pattern

Dashboard JWT bearer (not the HMAC public API).
HeaderValueDescription
AuthorizationBearer {jwt}Merchant dashboard JWT (from /v1/auth/login)
Content-Typeapplication/jsonRequest content type

Request Parameters

NameTypeRequiredDescription
urlstringRequiredHTTPS URL to deliver events to
eventTypesarrayOptionalEvent types to receive (e.g. ["payment.captured"])

Request Example

JSONRequest Body
{
  "url": "https://merchant.example.com/kvell/webhook",
  "eventTypes": [
    "payment.captured",
    "payment.refunded",
    "payout.succeeded"
  ]
}

Response Parameters

FieldTypeExample
idstring"whe_9a2e6b4d4e8a"
merchantIdstring"mrc_8a1b2c3d4e5f"
urlstring"https://merchant.example.com/kvell/webhook"
secretstring"whsec_2b3c4d5e6f708192a3b4c5d6"
eventTypesarray["payment.captured","payment.refunded","p…
activebooleantrue
statusstring"active"
createdAtstring"2026-04-13T10:00:00Z"

Response Example

JSONResponse
{
  "id": "whe_9a2e6b4d4e8a",
  "merchantId": "mrc_8a1b2c3d4e5f",
  "url": "https://merchant.example.com/kvell/webhook",
  "secret": "whsec_2b3c4d5e6f708192a3b4c5d6",
  "eventTypes": [
    "payment.captured",
    "payment.refunded",
    "payout.succeeded"
  ],
  "active": true,
  "status": "active",
  "createdAt": "2026-04-13T10:00:00Z"
}

Status Codes

200Success
201Created
400Bad Request
401Unauthorized
404Not Found
429Rate Limited
Try itMock
POSThttps://api.pay.sandbox.kvell.group