Create a new Webhook through the API
You can create Webhooks programmatically through the Asaas API, both for main accounts and subaccounts.
This approach is recommended for integrations that need to create, update, or manage Webhooks automatically, without relying on manual configuration through the web application.
Each account can have up to 10 Webhooks, and each Webhook can be configured to receive only the events required for the operation.
When to use
Creation through the API is recommended when:
- your platform creates accounts or subaccounts automatically;
- it is necessary to provision Webhooks without manual intervention;
- different customers need independent configurations;
- you want to automate the Webhook activation process;
- the integration needs to manage Webhooks dynamically.
Requirements
Before creating a Webhook through the API, you need:
- an active Asaas account;
- a valid API Key;
- a publicly accessible URL;
- an application capable of receiving HTTP POST requests;
- to define which events will be monitored;
- to ensure that the endpoint correctly responds to notifications.
ImportantThe configured endpoint must be prepared to process notifications sent by Asaas and return HTTP responses in the 2xx range.
Creating a new Webhook
To create a Webhook, use the endpoint:
POST
/v3/webhooks
See the complete reference for this endpoint
Example:
{
"name": "Example Name",
"url": "https://www.example.com/webhook/asaas",
"email": "[email protected]",
"enabled": true,
"interrupted": false,
"authToken": "whsec_Pxeh17yy3LQbLVpnzz6I1chB7mtzYk5F7pg8bRR80pE",
"sendType": "SEQUENTIALLY",
"events": [
"PAYMENT_CREDIT_CARD_CAPTURE_REFUSED",
"PAYMENT_CHECKOUT_VIEWED",
"PAYMENT_BANK_SLIP_VIEWED",
"PAYMENT_DUNNING_REQUESTED",
"PAYMENT_DUNNING_RECEIVED",
"PAYMENT_AWAITING_CHARGEBACK_REVERSAL",
"PAYMENT_CHARGEBACK_DISPUTE",
"PAYMENT_CHARGEBACK_REQUESTED",
"PAYMENT_RECEIVED_IN_CASH_UNDONE",
"PAYMENT_REFUND_IN_PROGRESS",
"PAYMENT_REFUNDED",
"PAYMENT_RESTORED",
"PAYMENT_DELETED",
"PAYMENT_OVERDUE",
"PAYMENT_ANTICIPATED",
"PAYMENT_RECEIVED",
"PAYMENT_CONFIRMED",
"PAYMENT_UPDATED",
"PAYMENT_CREATED",
"PAYMENT_REPROVED_BY_RISK_ANALYSIS",
"PAYMENT_APPROVED_BY_RISK_ANALYSIS",
"PAYMENT_AWAITING_RISK_ANALYSIS",
"PAYMENT_AUTHORIZED"
]
}In the example above, the Webhook was configured to receive virtually all payment-related events.
Important parameters
Some attributes directly influence Webhook behavior:
| Field | Purpose |
|---|---|
url | Endpoint that will receive events |
enabled | Defines whether the Webhook is active |
interrupted | Indicates whether the queue is interrupted |
authToken | Token sent through the asaas-access-token header |
sendType | Defines delivery behavior |
events | List of events to be monitored |
email | Address used for failure alerts |
RecommendedConfigure only the events that are actually required to avoid unnecessary processing.
Authentication token (authToken)
authToken)
Secure tokenThe token must follow minimum security requirements:
- contain between 32 and 255 characters;
- not contain blank spaces;
- not use simple sequences;
- not use an Asaas API Key.
If the field is not provided, Asaas will automatically generate a secure value.
ImportantThe token value is returned only when the Webhook is created.
Make sure to store it securely, as it will be required to validate incoming requests.
How it works after creation
Once created, the flow usually occurs as follows:
An event occurs
↓
Asaas identifies configured Webhooks
↓
The event is sent to the registered URL
↓
Application processes the event
↓
Endpoint returns HTTP 2xx
↓
The event is considered deliveredImportant behaviors
When using Webhooks through the API, consider that:
- notifications are sent through HTTP POST requests;
- delivery follows the at least once model;
- the same event may be sent more than once;
- implementing idempotency is recommended;
- failures may trigger new delivery attempts;
- after 15 consecutive failures, the queue may be interrupted;
- events remain stored for up to 14 days.
Example of a received event
{
"event": "PAYMENT_RECEIVED",
"payment": {
"id": "pay_080225913252",
"status": "RECEIVED",
"value": 150.00
}
}The structure of the object sent varies according to the event type.
Common errors and best practices
Responses outside the 2xx range may trigger new delivery attempts.
Validate the asaas-access-token header to ensure the request was sent by Asaas.
Implement idempotency to avoid repeated processing.
Return the HTTP response quickly and perform heavy processing asynchronously.
Operational impacts
Each account can have up to 10 Webhooks.
Endpoint failures may cause:
- new delivery attempts;
- queue penalties;
- synchronization interruption;
- permanent event loss after 14 days.
Therefore, continuous monitoring of Webhooks in production is recommended.
Webhook management
You can also:
Use:
GET
/v3/webhooks
See the complete reference for this endpoint
Through this request, it is possible to verify:
- existing Webhooks;
- configured events;
- whether the Webhook is active;
- whether there is an interrupted queue.
Next steps
We recommend reviewing:
- Receive events from Asaas in your Webhook endpoint;
- How to implement idempotency in Webhooks;
- Delivery types;
- Webhook events;
- Webhook logs;
- Queue penalties;
- Paused queue.
