> ## Documentation Index
> Fetch the complete documentation index at: https://docs.iterapay.com/llms.txt
> Use this file to discover all available pages before exploring further.

# POST /weebhook/{merchantID} — Create or update webhook

> Register or replace a webhook endpoint for a merchant. Returns a signing token to use when verifying incoming webhook payloads from IteraPay.

Use this endpoint to configure a webhook URL for your merchant. IteraPay will send event notifications to this URL when payment and withdrawal activity occurs. If a webhook already exists, this call replaces it with the new configuration.

<Note>
  The endpoint path is `/weebhook/{merchantID}` — note the double 'e'. Use this exact path in your requests.
</Note>

<Info>
  This endpoint requires Bearer token authentication. API key authentication is not accepted.
</Info>

## Path parameters

<ParamField path="merchantID" type="string" required>
  The UUID of the merchant for which to configure the webhook.
</ParamField>

## Request body

<ParamField body="url" type="string" required>
  The HTTPS URL on your server where IteraPay should deliver webhook events. Must be a publicly reachable endpoint.
</ParamField>

<ParamField body="secret" type="string" required>
  A secret string used to generate a signing token for verifying webhook payloads. Choose a strong, random value and store it securely.
</ParamField>

## Response

Returns a `200 OK` with a webhook signing token on success.

<ResponseField name="token" type="string">
  A webhook signing token derived from your secret. Use this value to verify the authenticity of incoming webhook payloads by comparing it against the signature header sent with each event.
</ResponseField>

<RequestExample>
  ```bash cURL theme={null}
  curl --request POST \
    --url https://api.iterapay.com/weebhook/b0fcc813-a7ce-4bbc-932f-dbef6f59ca7f \
    --header 'Authorization: Bearer <token>' \
    --header 'Content-Type: application/json' \
    --data '{
      "url": "https://yoursite.com/webhooks/iterapay",
      "secret": "your-webhook-secret"
    }'
  ```
</RequestExample>

<ResponseExample>
  ```json 200 theme={null}
  {
    "token": "whsec_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"
  }
  ```
</ResponseExample>
