Webhook API Documentation (moego.business.webhook.v1)
๐ 1. Functional Overview
Webhook is a lightweight event notification mechanism that actively pushes data to a specified URL when certain business
events occur. This interface enables:
- Creating, updating, and deleting webhook configurations;
- Listing all webhooks;
- Testing whether webhooks are functioning properly;
- Viewing and retrying webhook delivery logs.
๐ฏ 2. Design Goals
- Real-time Push: Supports event-driven architecture for low-latency communication between systems.
- Secure and Reliable: Supports HTTPS, HMAC signing, and custom headers.
- Easy Integration: Provides RESTful interfaces compatible with mainstream development languages and frameworks.
Applicable to scenarios such as order status change notifications, user registration synchronization, exception alerts,
and third-party system integration.
๐งฉ 3. Core Concepts
1. Webhook
Represents a webhook subscription configuration, including the target URL, subscribed event types, authentication
method, etc.
| Field Name |
Type |
Description |
id |
string |
Unique identifier |
organizations |
Array(Organization) |
List of organizations |
eventTypes |
Array(EventType) |
Subscribed event types |
endpointUrl |
string |
URL to receive webhook |
secretToken |
string |
Optional HMAC token |
contentType |
ContentType |
Default is JSON |
isActive |
bool |
Whether active |
verifySsl |
bool |
Whether to verify SSL |
headers |
map(string, HeaderValues) |
Custom HTTP headers |
createdTime |
Timestamp |
Creation time |
updatedTime |
Timestamp |
Last update time |
2. Organization
Represents an organization entity in the MoeGo system. Organizations are the top-level grouping for resources and
determine available features and capabilities.
| Field Name |
Type |
Description |
id |
string |
Unique identifier for the organization. The prefix should match the organization type:
- BUSINESS: Format โbiz_โ + random characters (e.g., โbiz_id001โ)
- COMPANY: Format โcop_โ + random characters (e.g., โcop_id001โ)
- ENTERPRISE: Format โent_โ + random characters (e.g., โent_id001โ) |
type |
Type |
Organizationโs service tier. Determines feature availability and API capabilities. Options:
- BUSINESS: Single-location business with standard features
- COMPANY: Multi-location business with advanced features
- ENTERPRISE: Enterprise organization with full platform access |
Example:
{
"organizations": [
{
"id": "cop_id001",
"type": "COMPANY"
},
{
"id": "biz_id001",
"type": "BUSINESS"
}
]
}
Usage in Webhooks: When specified in a webhook configuration, the webhook will only receive events from the listed
organizations. If the organizations array is empty, the webhook receives events from all organizations accessible to
the API key.
3. EventType
Event types categorize different kinds of events that can trigger webhook calls. Each event type corresponds to a
specific business operation or system occurrence.
Event Type Ranges:
- **System Events **(1-99): System-level operations and monitoring
HEALTH_CHECK: Health check event for system monitoring
- **Appointment Events **(100-199): Appointment lifecycle changes
APPOINTMENT_CREATED: New appointment has been createdAPPOINTMENT_UPDATED: Existing appointment has been modifiedAPPOINTMENT_FINISHED: Service delivery has been completedAPPOINTMENT_CANCELED: Appointment has been canceledAPPOINTMENT_DELETED: Appointment has been permanently removedAPPOINTMENT_FULLY_PAID: All payments for the appointment received (TODO)
- **Online Booking Events **(200-299): Customer self-service booking
ONLINE_BOOKING_RECEIVED: New online booking request received (TODO)
- **Customer Events **(300-399): Customer data changes
CUSTOMER_CREATED: New customer has been createdCUSTOMER_UPDATED: Existing customer has been modifiedCUSTOMER_DELETED: Customer has been permanently removed
- **Pet Events **(400-499): Pet data changes
PET_CREATED: New pet has been createdPET_UPDATED: Existing pet has been modifiedPET_DELETED: Pet has been permanently removed
For detailed event structures and payloads, refer to event.proto.
Represents a list of values for a custom HTTP header key. This allows webhooks to include multiple values for the same
header when delivering payloads.
| Field Name |
Type |
Description |
values |
Array(string) |
List of values for the header key |
Usage in Webhooks: Custom HTTP headers can be added to webhook delivery requests for authentication, identification,
or other purposes. Each header key maps to a HeaderValues object containing one or more string values.
Example:
{
"headers": {
"Authorization": {
"values": [
"Bearer your_token"
]
},
"X-Custom-Header": {
"values": [
"value1",
"value2"
]
}
}
}
5. WebhookDelivery
Represents a specific webhook push record.
By default, delivery logs are retained for up to 15 days
| Field Name |
Type |
Description |
id |
string |
Delivery log ID |
webhookId |
string |
Associated webhook ID |
eventType |
EventType |
Event type (see section 3 above) |
eventId |
string |
Unique event ID |
requestUrl |
string |
Request URL |
deliveredTo |
string |
Actual destination address |
requestHeaders |
map(string, HeaderValues) |
Request headers (see section 4) |
requestBody |
bytes |
The request body encoded in base64 |
responseStatus |
int32 |
HTTP status code |
responseHeaders |
map(string, HeaderValues) |
Response headers (see section 4) |
responseBody |
bytes |
The Response body encoded in base64 |
deliveredAt |
Timestamp |
Delivery timestamp |
durationMs |
int64 |
Duration in milliseconds |
success |
bool |
Whether successful |
error |
string |
Error message |
retryCount |
int32 |
Retry count |
requestFormat |
ContentType |
Request format |
responseFormat |
ContentType |
Response format |
๐ 5. Typical Usage Flow
โ
Scenario: User Integrates and Debugs Webhook
Here is a typical integration flow:
- Create Webhook
- Specify endpoint URL and interested event types.
- Set HMAC token, headers, etc.
- Trigger Test Call
- Use
TriggerTestWebhookDelivery to send a test event (e.g., ping).
- Verify that the server receives the request.
- View Delivery Logs
- Use
ListWebhookDeliveries to view historical push records.
- Analyze failure reasons (e.g., network errors, permission issues).
- Update/Delete Webhook
- Modify endpoint or event_types.
- Delete when no longer needed.
- Monitoring & Retrying
- Regularly check delivery success rate.
- Use
RedeliverWebhookDelivery to retry failed deliveries.
๐ฆ 6. API Interface Descriptions
1. Create Webhook (CreateWebhook)
- Method:
CreateWebhook
- HTTP Method: POST
- Path:
/v1/webhooks
โ
Functionality:
Registers a new webhook, subscribes to specified event types, and configures the target URL and related parameters (
e.g., authentication token, headers).
๐ฏ Use Cases:
- Users want to receive business events like order creation or payment success.
- Third-party developers subscribe to event streams under specific organizations.
๐ง Request Parameters:
| Field Name |
Type |
Required |
Description |
endpointUrl |
string |
Yes |
URL to receive webhook |
organizations |
Array(Organization) |
No |
Organization list (empty means all) |
eventTypes |
Array(EventType) |
Yes |
List of event types (empty = none) |
secretToken |
string |
No |
Optional HMAC token |
contentType |
ContentType |
No |
Content format, default JSON |
isActive |
bool |
No |
Whether active, default true |
verifySsl |
bool |
No |
Whether to verify SSL (recommended) |
headers |
map(string, HeaderValues) |
No |
Custom HTTP headers |
๐ก Example Request:
{
"endpointUrl": "https://your-service.com/webhook",
"organizations": [
{
"id": "cop_id001",
"type": "COMPANY"
}
],
"eventTypes": [
"APPOINTMENT_CREATED",
"APPOINTMENT_FINISHED"
],
"secretToken": "my-secret-token",
"isActive": true,
"verifySsl": true,
"headers": {
"Authorization": {
"values": [
"Bearer your_token"
]
}
}
}
๐ Return Value:
| Field Name |
Type |
Description |
webhook |
Webhook |
The created webhook object |
โ ๏ธ Error Codes:
| Error Code |
Description |
ALREADY_EXISTS |
A webhook with the same endpoint URL already exists |
PERMISSION_DENIED |
Permission denied |
INVALID_ARGUMENT |
Invalid request parameters |
NOT_FOUND |
Specified organization does not exist |
RESOURCE_EXHAUSTED |
Maximum webhook count reached |
2. Get Webhook (GetWebhook)
- Method:
GetWebhook
- HTTP Method: GET
- Path:
/v1/webhooks/{id}
โ
Functionality:
Retrieves a registered webhookโs full configuration, including subscribed event types, target address, and status.
๐ฏ Use Cases:
- Check current webhook configuration.
- Verify subscribed event types or organizations.
- Confirm webhook during debugging.
๐ง Request Parameters:
| Field Name |
Type |
Required |
Description |
id |
string |
Yes |
Webhook ID to retrieve |
๐ Return Value:
| Field Name |
Type |
Description |
webhook |
Webhook |
The retrieved webhook object |
โ ๏ธ Error Codes:
| Error Code |
Description |
NOT_FOUND |
Specified webhook ID does not exist |
PERMISSION_DENIED |
Permission denied |
3. Update Webhook (UpdateWebhook)
- Method:
UpdateWebhook
- HTTP Method: PUT
- Path:
/v1/webhooks/{id}
โ
Functionality:
Updates an existing webhook configuration, e.g., modify endpoint URL, adjust subscribed event types, update headers or
secret token.
๐ฏ Use Cases:
- Change callback address (e.g., deploy new service).
- Add new event subscriptions.
- Update signature token or headers due to security changes.
๐ง Request Parameters:
| Field Name |
Type |
Required |
Description |
id |
string |
Yes |
Webhook ID to update |
endpointUrl |
string |
Yes |
New endpoint URL |
organizations |
Array(Organization) |
No |
Updated organization list |
eventTypes |
Array(EventType) |
Yes |
Updated event types |
secretToken |
string |
No |
Updated secret token |
contentType |
ContentType |
No |
Updated content type |
isActive |
bool |
No |
Whether active |
verifySsl |
bool |
No |
Whether to verify SSL |
headers |
map(string, HeaderValues) |
No |
Custom HTTP headers |
๐ Return Value:
| Field Name |
Type |
Description |
webhook |
Webhook |
The updated webhook object |
โ ๏ธ Error Codes:
| Error Code |
Description |
NOT_FOUND |
Specified webhook ID does not exist |
PERMISSION_DENIED |
Permission denied |
4. Delete Webhook (DeleteWebhook)
- Method:
DeleteWebhook
- HTTP Method: DELETE
- Path:
/v1/webhooks/{id}
โ
Functionality:
Deletes a registered webhook and stops all its event pushes.
๐ฏ Use Cases:
- Stop unnecessary notifications.
- Clean up invalid webhooks in testing environments.
๐ง Request Parameters:
| Field Name |
Type |
Required |
Description |
id |
string |
Yes |
Webhook ID to delete |
๐ Return Value:
| Field Name |
Type |
Description |
| (empty) |
DeleteWebhookResponse |
Empty response on success |
โ ๏ธ Error Codes:
| Error Code |
Description |
NOT_FOUND |
Specified webhook ID does not exist |
PERMISSION_DENIED |
Permission denied |
5. List Webhooks (ListWebhooks)
- Method:
ListWebhooks
- HTTP Method: POST
- Path:
/v1/webhooks:list
โ
Functionality:
Lists all webhooks under the current account, supporting filtering by status, event types, and time range.
๐ฏ Use Cases:
- View all webhooksโ status and subscriptions.
- Audit or debug webhook configurations.
- Monitor active/inactive webhook counts.
๐ง Request Parameters:
| Field Name |
Type |
Required |
Description |
pagination |
Pagination |
Yes |
Pagination info: pageSize, pageToken |
filter.isActive |
bool |
No |
Filter by active status |
filter.eventTypes |
Array(EventType) |
No |
Filter by event types |
filter.createdTime |
Interval |
No |
Filter by creation time |
filter.updatedTime |
Interval |
No |
Filter by update time |
๐ Return Value:
| Field Name |
Type |
Description |
nextPageToken |
string |
Token for next page |
webhooks |
Array(Webhook) |
List of matching webhook configurations |
โ ๏ธ Error Code:
| Error Code |
Description |
PERMISSION_DENIED |
Permission denied |
6. Trigger Test Webhook (TriggerTestWebhookDelivery)
- Method:
TriggerTestWebhookDelivery
- HTTP Method: POST
- Path:
/v1/webhooks/{id}/test
โ
Functionality:
Manually triggers a test event delivery to verify whether the webhook is working correctly. Sends a โpingโ event by
default.
๐ฏ Use Cases:
- Test if the webhook endpoint can receive and process requests.
- Verify that the signature token and headers are configured correctly.
๐ง Request Parameters:
| Field Name |
Type |
Required |
Description |
id |
string |
Yes |
Webhook ID to test |
eventType |
EventType |
No |
Custom event type (default: PING) |
payload |
bytes |
No |
Custom payload content |
๐ Return Value:
| Field Name |
Type |
Description |
delivery |
WebhookDelivery |
The delivery log object |
โ ๏ธ Error Codes:
| Error Code |
Description |
NOT_FOUND |
Specified webhook ID does not exist |
PERMISSION_DENIED |
Permission denied |
7. Get Webhook Delivery Log (GetWebhookDelivery)
- Method:
GetWebhookDelivery
- HTTP Method: GET
- Path:
/v1/webhook/deliveries/{id}
โ
Functionality:
Retrieves a specific webhook push record, including detailed request/response information.
๐ฏ Use Cases:
- Check whether a delivery was successful.
- Troubleshoot failures (e.g., network errors, permissions).
- Audit delivery history.
๐ง Request Parameters:
| Field Name |
Type |
Required |
Description |
id |
string |
Yes |
Delivery log ID |
๐ Return Value:
| Field Name |
Type |
Description |
delivery |
WebhookDelivery |
The retrieved delivery object |
โ ๏ธ Error Codes:
| Error Code |
Description |
NOT_FOUND |
Specified log ID does not exist |
PERMISSION_DENIED |
Permission denied |
8. List All Webhook Deliveries (ListWebhookDeliveries)
- Method:
ListWebhookDeliveries
- HTTP Method: POST
- Path:
/v1/webhook/deliveries:list
โ
Functionality:
Lists all push records for a given webhook, supports filtering by event type, success status, and time range.
๐ฏ Use Cases:
- Monitor webhook delivery success rate.
- Analyze failures (e.g., timeouts, status codes).
- Audit push history.
๐ง Request Parameters:
| Field Name |
Type |
Required |
Description |
pagination |
Pagination |
Yes |
Pagination info |
webhookId |
string |
Yes |
Associated webhook ID |
filter.eventTypes |
Array(EventType) |
No |
Filter by event types |
filter.success |
bool |
No |
Filter by success status |
filter.deliveryTime |
Interval |
No |
Filter by delivery time range |
๐ Return Value:
| Field Name |
Type |
Description |
nextPageToken |
string |
Token for next page |
deliveries |
Array(WebhookDelivery) |
List of matching delivery objects |
โ ๏ธ Error Code:
| Error Code |
Description |
PERMISSION_DENIED |
Permission denied |
9. Redeliver Webhook Delivery (RedeliverWebhookDeliveries)
- Method:
RedeliverWebhookDeliveries
- HTTP Method: POST
- Path:
/v1/webhooks/deliveries/{id}/redeliver
โ
Functionality:
Retries a failed webhook delivery, useful after fixing endpoint issues.
๐ฏ Use Cases:
- Resend failed messages after endpoint recovery.
- Debug webhook delivery logic.
๐ง Request Parameters:
| Field Name |
Type |
Required |
Description |
id |
string |
Yes |
Delivery log ID to retry |
webhookId |
string |
Yes |
Associated webhook ID |
๐ Return Value:
| Field Name |
Type |
Description |
delivery |
WebhookDelivery |
The redelivered delivery object |
โ ๏ธ Error Code:
| Error Code |
Description |
PERMISSION_DENIED |
Permission denied |
๐งช 7. Usage Examples
Example 1: Create Webhook
{
"endpointUrl": "https://your-service.com/webhook",
"organizations": [
{
"id": "cop_id001",
"type": "COMPANY"
},
{
"id": "biz_id001",
"type": "BUSINESS"
}
],
"eventTypes": [
"APPOINTMENT_CREATED",
"CUSTOMER_CREATED"
],
"secretToken": "my-secret-token",
"isActive": true,
"verifySsl": true,
"headers": {
"Authorization": {
"values": [
"Bearer your_token"
]
}
}
}
Example 2: Trigger Test Call
{
"id": "whk_001",
"eventType": "HEALTH_CHECK",
"payload": "{ \"test\": \"hello world\" }"
}
Example 3: Query Delivery Logs
{
"webhookId": "whk_001",
"pagination": {
"pageSize": 20,
"pageToken": "1"
},
"filter": {
"success": false,
"deliveryTime": {
"startTime": "2024-08-01T00:00:00Z",
"endTime": "2024-08-02T00:00:00Z"
}
}
}
โ ๏ธ 8. Usage Limitations
To ensure system stability and fair resource usage, the following default limits are applied to webhook usage:
1. Maximum Number of Webhook Configurations per Client
- Limit: Up to 50
- Description: Prevents abuse or malicious registration of large numbers of webhooks. Contact us if you need a
higher limit.
2. Maximum Pushes per Minute per Webhook
- Limit: Up to 500 times/minute
- Description: Avoids downstream service overload due to high-frequency pushes. Evaluate service capacity before
requesting higher thresholds. Contact us if you need a higher limit.
3. Daily Total Push Count per Webhook
- Limit: Up to 50,000 times/day
- Description: Controls long-term resource consumption to ensure overall system stability and fairness. Contact us
if you need a higher limit.
4. Monthly Total Push Count per Webhook
- Limit: Up to 1,500,000 times/month
- Description: Long-term resource allocation basis, suitable for multi-tenant SaaS resource management strategies. Contact us if you need a higher limit.
5. Delivery Log Retention Period
- Limit: Delivery logs (
WebhookDelivery) are retained for a maximum of 15 days by default.
- Description: Logs older than 15 days are automatically deleted to manage storage and performance. For long-term
auditing, export logs periodically.
โ ๏ธ Note: If limits are exceeded, the API may return RESOURCE_EXHAUSTED. It is recommended that clients implement
reasonable rate-limiting fallback logic, such as queue caching and delayed retries.
๐ 9. FAQ
| Question |
Answer |
| How to determine if a webhook is effective? |
Use TriggerTestWebhookDelivery to send a test and observe delivery logs |
| How to prevent duplicate webhooks? |
System automatically detects identical endpoint_url, returns ALREADY_EXISTS |
| What content formats does webhook support? |
Currently supports JSON, default CONTENT_TYPE_JSON |
| How to view failed records? |
Use ListWebhookDeliveries with filter.success = false |
| Can webhook limit events from specific companies or businesses? |
Yes, via the organizations field |
| Why does creating a webhook return โresource exhaustedโ? |
The client may have reached the maximum allowed webhook count. Clean up unused webhooks or contact admin to increase quota. |
| Why does webhook delivery fail with status RESOURCE_EXHAUSTED? |
Indicates push frequency or total volume has exceeded platform limits. Try again later or optimize push logic to avoid triggering rate limiting. |
๐ก๏ธ 10. Security Recommendations
- โ
Enable
verifySsl to prevent man-in-the-middle attacks.
- โ
Use
secretToken to sign payloads (e.g., HMAC).
- โ
Set reasonable HTTP headers, such as Bearer Token.
- โ
Control access to ensure only authorized users can operate webhooks.
- โ
Avoid exposing sensitive information in
headers or payload.
- โ
Recommend cleaning up invalid webhooks regularly.
- โ
Recommend anti-replay attack handling on the receiving side.
๐ 11. Common Error Codes
| Error Code |
Description |
ALREADY_EXISTS |
A webhook with the same URL already exists |
NOT_FOUND |
Webhook or delivery ID does not exist |
PERMISSION_DENIED |
Current user has no access rights |
INVALID_ARGUMENT |
Invalid request parameters |
INTERNAL |
Internal server error |
RESOURCE_EXHAUSTED |
Request exceeds system quota limits |