> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zet.money/llms.txt
> Use this file to discover all available pages before exploring further.

# Register Webhook

> Register a URL to receive webhook events. The response includes a `secret` that you must store securely — it is used to verify webhook signatures.

Zet signs every webhook payload with HMAC-SHA256 using this secret. The signature is sent in the `x-zet-signature` header.

**Verification example:**
```javascript
const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(JSON.stringify(payload))
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}
```




## OpenAPI

````yaml POST /webhooks
openapi: 3.1.0
info:
  title: Zet API
  description: >
    The Zet API enables businesses to integrate smart on/off ramp, token swap,
    and cross-chain transfer capabilities into their applications.


    Built on ERC-4337 smart accounts with gas-sponsored transactions, Zet
    handles the complexity of blockchain interactions so you can focus on your
    product.


    ## Base URL


    ```

    https://api.zet.money/v1

    ```


    ## Authentication


    All requests must include your API key in the `x-api-key` header. Contact
    [zetdotmoney@gmail.com](mailto:zetdotmoney@gmail.com) to obtain your API
    keys.


    ## Rate Limits


    - **60 requests per minute** per API key (default)

    - Rate limit headers are included in every response

    - Contact us for higher limits
  version: 1.0.0
  contact:
    name: Zet Support
    url: https://zet.money/support
    email: support@zet.money
  license:
    name: Proprietary
servers:
  - url: https://api.zet.money/v1
    description: Production
  - url: https://api-staging.zet.money/v1
    description: Staging
security:
  - apiKey: []
tags:
  - name: Wallets
    description: Create and manage smart wallets for your users
  - name: On-Ramp
    description: Buy crypto with Nigerian Naira (NGN)
  - name: Off-Ramp
    description: Sell crypto for Nigerian Naira (NGN)
  - name: Swap
    description: Swap tokens on the same chain or across chains
  - name: Cross-Chain Transfer
    description: Transfer tokens across different blockchains
  - name: Webhooks
    description: Register webhook URLs to receive async event notifications
  - name: Transactions
    description: Query transaction history and details
paths:
  /webhooks:
    post:
      tags:
        - Webhooks
      summary: Register a webhook
      description: >
        Register a URL to receive webhook events. The response includes a
        `secret` that you must store securely — it is used to verify webhook
        signatures.


        Zet signs every webhook payload with HMAC-SHA256 using this secret. The
        signature is sent in the `x-zet-signature` header.


        **Verification example:**

        ```javascript

        const crypto = require('crypto');


        function verifyWebhook(payload, signature, secret) {
          const expected = crypto
            .createHmac('sha256', secret)
            .update(JSON.stringify(payload))
            .digest('hex');
          return crypto.timingSafeEqual(
            Buffer.from(signature),
            Buffer.from(expected)
          );
        }

        ```
      operationId: registerWebhook
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RegisterWebhookRequest'
      responses:
        '201':
          description: Webhook registered. Store the `secret` securely.
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: true
                  data:
                    $ref: '#/components/schemas/Webhook'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  schemas:
    RegisterWebhookRequest:
      type: object
      required:
        - url
        - events
      properties:
        url:
          type: string
          format: uri
          description: HTTPS URL to receive webhook POST requests.
          example: https://yourapp.com/webhooks/zet
        events:
          type: array
          items:
            type: string
            enum:
              - onramp.completed
              - onramp.failed
              - offramp.completed
              - offramp.failed
              - swap.completed
              - swap.failed
              - transfer.completed
              - transfer.failed
              - '*'
          description: List of event types to subscribe to. Use `*` for all events.
          example:
            - onramp.completed
            - offramp.completed
        description:
          type: string
          description: Optional description for this webhook.
          example: Production payment webhook
    Webhook:
      type: object
      properties:
        id:
          type: string
          example: wh_01H8X7...
        url:
          type: string
          example: https://yourapp.com/webhooks/zet
        events:
          type: array
          items:
            type: string
          example:
            - onramp.completed
            - offramp.completed
        secret:
          type: string
          description: >-
            HMAC-SHA256 secret for verifying webhook payloads. Only returned on
            creation.
          example: whsec_abc123...
        isActive:
          type: boolean
          example: true
        description:
          type: string
          example: Production payment webhook
        createdAt:
          type: string
          format: date-time
    Error:
      type: object
      required:
        - success
        - error
      properties:
        success:
          type: boolean
          example: false
        error:
          type: object
          required:
            - code
            - message
          properties:
            code:
              type: string
              example: INVALID_REQUEST
            message:
              type: string
              example: The 'amount' field is required.
  responses:
    BadRequest:
      description: Invalid request parameters.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            success: false
            error:
              code: INVALID_REQUEST
              message: The 'amount' field must be a positive number.
    Unauthorized:
      description: Missing or invalid API key.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            success: false
            error:
              code: UNAUTHORIZED
              message: Invalid API key.
  securitySchemes:
    apiKey:
      type: apiKey
      in: header
      name: x-api-key
      description: Your Zet API key. Contact zetdotmoney@gmail.com to obtain your keys.

````