Skip to main content
POST
/
webhook-endpoints
Create a webhook endpoint
curl --request POST \
  --url https://voice.growdental.ai/api/partner/v1/webhook-endpoints \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "url": "<string>",
  "enabled_events": []
}
'
{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "url": "<string>",
  "enabled_events": [],
  "failure_count": 123,
  "created_at": "2023-11-07T05:31:56Z",
  "updated_at": "2023-11-07T05:31:56Z",
  "secret": "<string>"
}

Authorizations

Authorization
string
header
required

Partner API key sent as a Bearer token:

Authorization: Bearer gd_live_...

Keys are issued by the GrowDental team (invite-only), shown once at creation, and stored server-side only as a SHA-256 hash. Key format: gd_live_ (or gd_test_) followed by a 43-character base62 secret (~256 bits of entropy). To rotate, request a new key, deploy it, then ask us to revoke the old one — both keys work during the overlap.

Headers

Idempotency-Key
string

Client-generated unique key (e.g. a UUID) making the POST safely retryable for 24 hours: retries with the same key and payload replay the original response; the same key with a different payload is rejected with 409 idempotency_conflict. Strongly recommended on every POST — required in practice for call-request creation, where a blind retry can dial patients twice.

Maximum string length: 255

Body

application/json
url
string<uri>
required

HTTPS URL that will receive event deliveries. Must be publicly reachable.

Maximum string length: 500
Example:

"https://api.example-pms.com/growdental/webhooks"

enabled_events
enum<string>[]
required

Event types to deliver to this endpoint.

Minimum array length: 1

Event types deliverable to webhook endpoints. call_attempt.resolved and appointment.booked are planned (Phase 2) — valid to subscribe to now, but not yet emitted.

Available options:
call.completed,
call.recording.ready,
call_request.completed,
call_attempt.resolved,
appointment.booked

Response

Endpoint created. The secret is shown only in this response.

Returned only from endpoint creation — includes the one-time signing secret.

id
string<uuid>
required
url
string<uri>
required
enabled_events
enum<string>[]
required

Event types deliverable to webhook endpoints. call_attempt.resolved and appointment.booked are planned (Phase 2) — valid to subscribe to now, but not yet emitted.

Available options:
call.completed,
call.recording.ready,
call_request.completed,
call_attempt.resolved,
appointment.booked
status
enum<string>
required

disabled endpoints receive no deliveries. Endpoints are auto-disabled after sustained delivery failures; re-enable via PATCH once your receiver is healthy.

Available options:
active,
disabled
failure_count
integer
required

Consecutive failed deliveries; resets on success.

created_at
string<date-time>
required
updated_at
string<date-time>
required
secret
string
required

HMAC-SHA256 signing secret for this endpoint. Shown only in this response — it is stored encrypted and cannot be retrieved again. Use it to verify the X-GrowDental-Signature header on every delivery.