Webhooks

Configure webhook notifications for document status changes.

Manage webhook configurations via JSON:API. See the Webhooks guide for payload structure, signature verification, and retry policy.

List all webhook configurations visible to the caller in the caller's environment (own tenant + sub-tenants if caller is a PARTNER)

GET /bizzlink/webhooks

List all webhook configurations visible to the caller in the caller’s environment (own tenant + sub-tenants if caller is a PARTNER)

Responses:

Status	Description
`200`	OK

Response Body — JsonApiScopedListDocumentWebhookAttributes:

Field	Type	Description
`data`	`JsonApiScopedResourceWebhookAttributes[]`
`attributes`	`WebhookAttributes`	Resource-specific fields.
`chainEnabled`	`boolean`
`createdAt`	`datetime`
`enabled`	`boolean`
`environment`	`string`
`events`	`string[]`
`secret`	`string`
`updatedAt`	`datetime`
`url`	`string`
`id`	`string`	Unique resource identifier (UUID).
`meta`	`JsonApiMeta`	Resource-level meta object carrying the ownership scope (tenant vs legal-entity).
`scope`	`JsonApiScope`
`type`	`string`	Scope type. 'tenant' = applies to the whole tenant. 'legal-entity' = applies only to the Peppol ID given in 'value'. 'partner' = applies to all child tenants of the calling partner tenant; 'value' must be empty.
`value`	`string`	Required when type='legal-entity': the Peppol ID (scheme:identifier) that owns this resource, e.g. '9938:lu28079289'. Must belong to the requesting tenant. Ignored when type='tenant'. Must be empty when type='partner'.
`type`	`string`	Resource type — matches the endpoint (e.g. 'email-templates', 'notification-emails').
`links`	`JsonApiLinks`
`first`	`string`	URL of the first page.
`last`	`string`	URL of the last page.
`next`	`string`	URL of the next page, null on last page.
`prev`	`string`	URL of the previous page, null on first page.
`self`	`string`	URL of the current page.
`meta`	`JsonApiPaginationMeta`
`page`	`integer`	1-based index of the current page.
`size`	`integer`	Number of items per page.
`totalElements`	`integer`	Total number of items across all pages.
`totalPages`	`integer`	Total number of pages.

cURL Request

curl -X GET https://gateway.vigasoft.lu/bizzlink/webhooks \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "X-Bizzlink-Signature: t=$TIMESTAMP,v1=$SIGNATURE"

Response
200 OK

{
    "data": [
    {
        "attributes": {
          "chainEnabled": false,
          "createdAt": "2026-01-01T00:00:00Z",
          "enabled": false,
          "environment": "string",
          "events": ["string"],
          "secret": "string",
          "updatedAt": "2026-01-01T00:00:00Z",
          "url": "string"
      },
        "id": "550e8400-e29b-41d4-a716-446655440000",
        "meta": {
          "scope": {
            "type": "legal-entity",
            "value": "9938:lu28079289"
        }
      },
        "type": "email-templates"
    }
    ],
    "links": {
      "first": "https://gateway.vigasoft.lu/bizzlink/documents?page%5Bnumber%5D=1&page%5Bsize%5D=20",
      "last": "https://gateway.vigasoft.lu/bizzlink/documents?page%5Bnumber%5D=7&page%5Bsize%5D=20",
      "next": "https://gateway.vigasoft.lu/bizzlink/documents?page%5Bnumber%5D=4&page%5Bsize%5D=20",
      "prev": "https://gateway.vigasoft.lu/bizzlink/documents?page%5Bnumber%5D=2&page%5Bsize%5D=20",
      "self": "https://gateway.vigasoft.lu/bizzlink/documents?page%5Bnumber%5D=3&page%5Bsize%5D=20"
  },
    "meta": {
      "page": 1,
      "size": 20,
      "totalElements": 137,
      "totalPages": 7
  }
}

Create a webhook configuration. Scope (tenant/legal-entity/partner) is set via meta.scope. PARTNER callers may target sub-tenants via tenant.value=<sub-tenant-uuid> or by referencing a sub-tenant's Peppol ID.

POST /bizzlink/webhooks

Create a webhook configuration. Scope (tenant/legal-entity/partner) is set via meta.scope. PARTNER callers may target sub-tenants via tenant.value= or by referencing a sub-tenant’s Peppol ID.

Request Body:

Field	Type	Required	Description
`data`	`object`	Yes	Resource envelope. 'attributes' holds the domain fields; 'meta.scope' declares whether the resource belongs to the whole tenant or to a specific legal entity (Peppol ID).
`attributes`	`WebhookAttributesRequest`	Yes	The actual resource fields.
`chainEnabled`	`boolean`	No	Only effective for legal-entity-scoped webhooks: when true, the tenant-level webhook also fires in addition to this one (cascade). Silently forced to false for tenant- and partner-scoped webhooks. Defaults to false.
`enabled`	`boolean`	No	Whether the webhook is active. Disabled webhooks are not invoked. Defaults to true.
`events`	`string[]`	No	List of events to subscribe to. Defaults to all document events when omitted.
`url`	`string`	Yes	Public HTTPS endpoint that will receive POST requests with the event payload. Must not point to an internal host, IP literal, or private/loopback range.
`meta`	`JsonApiMeta`	No	Optional JSON:API meta. Only used by scoped resources (e.g. email templates, notification emails) to declare their ownership scope.
`scope`	`JsonApiScope`	Yes
`type`	`string`	Yes	Scope type. 'tenant' = applies to the whole tenant. 'legal-entity' = applies only to the Peppol ID given in 'value'. 'partner' = applies to all child tenants of the calling partner tenant; 'value' must be empty.
`value`	`string`	No	Required when type='legal-entity': the Peppol ID (scheme:identifier) that owns this resource, e.g. '9938:lu28079289'. Must belong to the requesting tenant. Ignored when type='tenant'. Must be empty when type='partner'.
`type`	`string`	No	Must be 'webhooks' for this endpoint.

Responses:

Status	Description
`200`	OK

Response Body — JsonApiScopedDocumentWebhookAttributes:

Field	Type	Description
`data`	`JsonApiScopedResourceWebhookAttributes`
`attributes`	`WebhookAttributes`	Resource-specific fields.
`chainEnabled`	`boolean`
`createdAt`	`datetime`
`enabled`	`boolean`
`environment`	`string`
`events`	`string[]`
`secret`	`string`
`updatedAt`	`datetime`
`url`	`string`
`id`	`string`	Unique resource identifier (UUID).
`meta`	`JsonApiMeta`	Resource-level meta object carrying the ownership scope (tenant vs legal-entity).
`scope`	`JsonApiScope`
`type`	`string`	Scope type. 'tenant' = applies to the whole tenant. 'legal-entity' = applies only to the Peppol ID given in 'value'. 'partner' = applies to all child tenants of the calling partner tenant; 'value' must be empty.
`value`	`string`	Required when type='legal-entity': the Peppol ID (scheme:identifier) that owns this resource, e.g. '9938:lu28079289'. Must belong to the requesting tenant. Ignored when type='tenant'. Must be empty when type='partner'.
`type`	`string`	Resource type — matches the endpoint (e.g. 'email-templates', 'notification-emails').

cURL Request

curl -X POST https://gateway.vigasoft.lu/bizzlink/webhooks \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "X-Bizzlink-Signature: t=$TIMESTAMP,v1=$SIGNATURE" \
  -H "Content-Type: application/json" \
  -d '{
      "data": {}
  }'

Response
200 OK

{
    "data": {
      "attributes": {
        "chainEnabled": false,
        "createdAt": "2026-01-01T00:00:00Z",
        "enabled": false,
        "environment": "string",
        "events": ["string"],
        "secret": "string",
        "updatedAt": "2026-01-01T00:00:00Z",
        "url": "string"
    },
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "meta": {
        "scope": {
          "type": "legal-entity",
          "value": "9938:lu28079289"
      }
    },
      "type": "email-templates"
  }
}

Delete a webhook configuration

DELETE /bizzlink/webhooks/{id}

Delete a webhook configuration

Responses:

Status	Description
`200`	OK

cURL Request

curl -X DELETE https://gateway.vigasoft.lu/bizzlink/webhooks/{id} \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "X-Bizzlink-Signature: t=$TIMESTAMP,v1=$SIGNATURE"

Get a specific webhook configuration (own tenant or sub-tenant if caller is PARTNER)

GET /bizzlink/webhooks/{id}

Get a specific webhook configuration (own tenant or sub-tenant if caller is PARTNER)

Responses:

Status	Description
`200`	OK

Response Body — JsonApiScopedDocumentWebhookAttributes:

Field	Type	Description
`data`	`JsonApiScopedResourceWebhookAttributes`
`attributes`	`WebhookAttributes`	Resource-specific fields.
`chainEnabled`	`boolean`
`createdAt`	`datetime`
`enabled`	`boolean`
`environment`	`string`
`events`	`string[]`
`secret`	`string`
`updatedAt`	`datetime`
`url`	`string`
`id`	`string`	Unique resource identifier (UUID).
`meta`	`JsonApiMeta`	Resource-level meta object carrying the ownership scope (tenant vs legal-entity).
`scope`	`JsonApiScope`
`type`	`string`	Scope type. 'tenant' = applies to the whole tenant. 'legal-entity' = applies only to the Peppol ID given in 'value'. 'partner' = applies to all child tenants of the calling partner tenant; 'value' must be empty.
`value`	`string`	Required when type='legal-entity': the Peppol ID (scheme:identifier) that owns this resource, e.g. '9938:lu28079289'. Must belong to the requesting tenant. Ignored when type='tenant'. Must be empty when type='partner'.
`type`	`string`	Resource type — matches the endpoint (e.g. 'email-templates', 'notification-emails').

cURL Request

curl -X GET https://gateway.vigasoft.lu/bizzlink/webhooks/{id} \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "X-Bizzlink-Signature: t=$TIMESTAMP,v1=$SIGNATURE"

Response
200 OK

{
    "data": {
      "attributes": {
        "chainEnabled": false,
        "createdAt": "2026-01-01T00:00:00Z",
        "enabled": false,
        "environment": "string",
        "events": ["string"],
        "secret": "string",
        "updatedAt": "2026-01-01T00:00:00Z",
        "url": "string"
    },
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "meta": {
        "scope": {
          "type": "legal-entity",
          "value": "9938:lu28079289"
      }
    },
      "type": "email-templates"
  }
}

Update a webhook configuration. Scope is immutable — only attributes can be patched.

PATCH /bizzlink/webhooks/{id}

Update a webhook configuration. Scope is immutable — only attributes can be patched.

Request Body:

Field	Type	Required	Description
`data`	`object`	Yes
`attributes`	`WebhookAttributesRequest`	Yes
`chainEnabled`	`boolean`	No	Only effective for legal-entity-scoped webhooks: when true, the tenant-level webhook also fires in addition to this one (cascade). Silently forced to false for tenant- and partner-scoped webhooks. Defaults to false.
`enabled`	`boolean`	No	Whether the webhook is active. Disabled webhooks are not invoked. Defaults to true.
`events`	`string[]`	No	List of events to subscribe to. Defaults to all document events when omitted.
`url`	`string`	Yes	Public HTTPS endpoint that will receive POST requests with the event payload. Must not point to an internal host, IP literal, or private/loopback range.
`id`	`string`	No
`meta`	`JsonApiMeta`	No
`scope`	`JsonApiScope`	Yes
`type`	`string`	Yes	Scope type. 'tenant' = applies to the whole tenant. 'legal-entity' = applies only to the Peppol ID given in 'value'. 'partner' = applies to all child tenants of the calling partner tenant; 'value' must be empty.
`value`	`string`	No	Required when type='legal-entity': the Peppol ID (scheme:identifier) that owns this resource, e.g. '9938:lu28079289'. Must belong to the requesting tenant. Ignored when type='tenant'. Must be empty when type='partner'.
`type`	`string`	No	Must be 'webhooks' for this endpoint.

Responses:

Status	Description
`200`	OK

Response Body — JsonApiScopedDocumentWebhookAttributes:

Field	Type	Description
`data`	`JsonApiScopedResourceWebhookAttributes`
`attributes`	`WebhookAttributes`	Resource-specific fields.
`chainEnabled`	`boolean`
`createdAt`	`datetime`
`enabled`	`boolean`
`environment`	`string`
`events`	`string[]`
`secret`	`string`
`updatedAt`	`datetime`
`url`	`string`
`id`	`string`	Unique resource identifier (UUID).
`meta`	`JsonApiMeta`	Resource-level meta object carrying the ownership scope (tenant vs legal-entity).
`scope`	`JsonApiScope`
`type`	`string`	Scope type. 'tenant' = applies to the whole tenant. 'legal-entity' = applies only to the Peppol ID given in 'value'. 'partner' = applies to all child tenants of the calling partner tenant; 'value' must be empty.
`value`	`string`	Required when type='legal-entity': the Peppol ID (scheme:identifier) that owns this resource, e.g. '9938:lu28079289'. Must belong to the requesting tenant. Ignored when type='tenant'. Must be empty when type='partner'.
`type`	`string`	Resource type — matches the endpoint (e.g. 'email-templates', 'notification-emails').

cURL Request

curl -X PATCH https://gateway.vigasoft.lu/bizzlink/webhooks/{id} \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "X-Bizzlink-Signature: t=$TIMESTAMP,v1=$SIGNATURE" \
  -H "Content-Type: application/json" \
  -d '{
      "data": {}
  }'

Response
200 OK

{
    "data": {
      "attributes": {
        "chainEnabled": false,
        "createdAt": "2026-01-01T00:00:00Z",
        "enabled": false,
        "environment": "string",
        "events": ["string"],
        "secret": "string",
        "updatedAt": "2026-01-01T00:00:00Z",
        "url": "string"
    },
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "meta": {
        "scope": {
          "type": "legal-entity",
          "value": "9938:lu28079289"
      }
    },
      "type": "email-templates"
  }
}

Rotate the webhook signing secret

POST /bizzlink/webhooks/{id}/actions/rotate-secret

Rotate the webhook signing secret

Responses:

Status	Description
`200`	OK

Response Body — JsonApiScopedDocumentWebhookAttributes:

Field	Type	Description
`data`	`JsonApiScopedResourceWebhookAttributes`
`attributes`	`WebhookAttributes`	Resource-specific fields.
`chainEnabled`	`boolean`
`createdAt`	`datetime`
`enabled`	`boolean`
`environment`	`string`
`events`	`string[]`
`secret`	`string`
`updatedAt`	`datetime`
`url`	`string`
`id`	`string`	Unique resource identifier (UUID).
`meta`	`JsonApiMeta`	Resource-level meta object carrying the ownership scope (tenant vs legal-entity).
`scope`	`JsonApiScope`
`type`	`string`	Scope type. 'tenant' = applies to the whole tenant. 'legal-entity' = applies only to the Peppol ID given in 'value'. 'partner' = applies to all child tenants of the calling partner tenant; 'value' must be empty.
`value`	`string`	Required when type='legal-entity': the Peppol ID (scheme:identifier) that owns this resource, e.g. '9938:lu28079289'. Must belong to the requesting tenant. Ignored when type='tenant'. Must be empty when type='partner'.
`type`	`string`	Resource type — matches the endpoint (e.g. 'email-templates', 'notification-emails').

cURL Request

curl -X POST https://gateway.vigasoft.lu/bizzlink/webhooks/{id}/actions/rotate-secret \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "X-Bizzlink-Signature: t=$TIMESTAMP,v1=$SIGNATURE" \
  -H "Content-Type: application/json"

Response
200 OK

{
    "data": {
      "attributes": {
        "chainEnabled": false,
        "createdAt": "2026-01-01T00:00:00Z",
        "enabled": false,
        "environment": "string",
        "events": ["string"],
        "secret": "string",
        "updatedAt": "2026-01-01T00:00:00Z",
        "url": "string"
    },
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "meta": {
        "scope": {
          "type": "legal-entity",
          "value": "9938:lu28079289"
      }
    },
      "type": "email-templates"
  }
}

Send a test webhook

POST /bizzlink/webhooks/{id}/actions/test

Send a test webhook

Responses:

Status	Description
`200`	OK

Response Body — WebhookTestResponse:

Field	Type	Description
`httpStatus`	`integer`
`message`	`string`
`success`	`boolean`

cURL Request

curl -X POST https://gateway.vigasoft.lu/bizzlink/webhooks/{id}/actions/test \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "X-Bizzlink-Signature: t=$TIMESTAMP,v1=$SIGNATURE" \
  -H "Content-Type: application/json"

Response
200 OK

{
    "httpStatus": 0,
    "message": "string",
    "success": false
}