Get a specific webhook subscription

This Tango API endpoint returns the complete details of a webhook subscription, allowing you to review its configuration at any time. When you’ve subscribed to a webhook, you may later wonder how you configured it—its callback URL, filters, expiration, etc. Use this endpoint to quickly revisit the full configuration of any previously created webhook.

Use case

Acme Health relies on webhooks to receive real‑time updates on critical clinical events—such as new patient registrations, appointment changes, and lab result notifications. Over time, developers or administrators may need to review how a webhook was originally configured, what events were subscribed, what was the callback URL, what filters were used and so on. To achieve all these, Acme uses this endpoint to allow its team to easily retrieve the complete configuration of any existing webhook. With these details, Acme Health’s integrations team can verify settings, troubleshoot issues, and ensure accurate event delivery—all without modifying the current subscription.

Endpoint

This endpoint allows you to effortlessly retrieve comprehensive information about a specific webhook by referencing its unique webhook ID.

Parameters

The following path parameter is used with GET {URI}/webhooks/{webhookId}. webhookId is used to specify the unique identifier of the webhook you want to retrieve information about. Replace {webhookId} with the actual ID of the webhook.

Examples

The following payload shows the response code when you use this endpoint to inquire about a specific webhook.

The payloadVerificationMethod field tells you which verification method is configured for your subscription: X509 , HMAC, or NONE. For security reasons, the HMAC shared secret key is masked and not returned in full. Make sure you store it securely when you create or update the subscription. See this example: "hmacSharedSecretKey": "dG***********Y=".

To learn more about payload verification method options and how to verify signatures, see Webhook authentication and verification overview.

{
  "webhookId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "url": "string",
  "headers": [
    {
      "name": "string",
      "value": "string"
    }
  ],
  "categories": [
    "string"
  ],
  "eventTypes": [
    "string"
  ],
  "signingCertificate": "string",
  "hmacSharedSecretKey": "string",
  "payloadVerificationMethod": "string" //HMAC, X509, NONE
  "createdAt": "2024-06-13T20:06:24.565Z",
  "updatedAt": "2024-06-13T20:06:24.565Z",
  "expiresAt": "2024-06-13T20:06:24.565Z"
}

Key response fields

On a successful request (200 OK), the response body includes several important fields. Below are some key notes and considerations to help you understand field behaviors and best practices:

• payloadVerificationMethod is a new field in the webhook subscription response that tells the caller which payload verification or authentication method is configured for that subscription. This allows a Tango webhook user to see, after the fact, whether the subscription is using any of the following authentication method:
  • X509 → Payloads are signed using your X.509 certificate; signingCertificate is populated.
  • HMAC → Payloads are signed using an HMAC-SHA256 shared secret; hmacSharedSecretKey is populated.
  • NONE → No payload signing is applied; both are empty/null
• For added security, when the subscription uses HMAC-SHA256, the actual shared secret key will not be exposed in the response. The shared secret key is write-only at creation or update and is not retrievable.

Response codes

The possible response codes for this endpoint are. For details, see i18nkey codes and their error messages: