> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hel.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a Withdrawal Webhook

> Create a webhook to receive withdrawal lifecycle events. Requires an API key with the WEBHOOK_CREATE permission.

<Info>
  **NOTE:** When using Helio on mainnet, set your Base URL to [https://api.hel.io](https://api.hel.io) and generate your API keys from [moonpay.hel.io](https://app.hel.io/). For testnet, use [https://api.dev.hel.io](https://api.dev.hel.io) and generate your API keys from [moonpay.dev.hel.io](https://app.dev.hel.io/).
</Info>

<Tip>
  Subscribe to `SUBMITTED`, `CONFIRMED`, `FAILED`, and `REFUNDED_BY_PROVIDER` events. Deliveries include `Authorization: Bearer <sharedToken>` and an `X-Signature` HMAC-SHA256 header keyed with the same token. See the [Withdrawals guide](/docs/withdrawals#webhooks) for payload details.
</Tip>


## OpenAPI

````yaml POST /v1/webhook/withdrawal/api-key
openapi: 3.0.0
info:
  title: Helio Open API
  description: |-
    API schema and definitions for Helio API. <br/> 
          The API is using two types of Authentication, for dashboard endpoints we use <b>JSON Web Token (JWT)</b> that is generated by self custodial wallet signing a message from API.</br> 
          We also support authentication with <b>API Key and Secret</b> which can be generated on <a href='https://hel.io'>Helio dashboard</a>.
  version: 1.0.0
  contact: {}
servers:
  - description: Helio API (Mainnet)
    url: https://api.hel.io
  - description: Helio API (Devnet)
    url: https://api.dev.hel.io
security: []
tags:
  - name: Webhooks
  - name: Exports
  - name: Currencies
    description: >-
      Supported currencies endpoint, includes fiat and digital assets
      </br><i>Authentication: </i><b>None</b>
externalDocs:
  description: Helio product documentation
  url: https://docs.hel.io/
paths:
  /v1/webhook/withdrawal/api-key:
    post:
      tags:
        - Webhooks
      summary: Create a Withdrawal Webhook
      description: >-
        Create a webhook to receive withdrawal lifecycle events (`SUBMITTED`,
        `CONFIRMED`, `FAILED`, `REFUNDED_BY_PROVIDER`). Requires an API key with
        the `WEBHOOK_CREATE` permission.
      operationId: WithdrawalHookController_createByApiKey
      parameters:
        - name: apiKey
          in: query
          required: true
          description: >-
            Your API key can be generated on the Helio Dashboard's settings
            page.
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateWithdrawalHookByApiKeyDto'
      responses:
        '200':
          description: Webhook created successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WithdrawalHookEntity'
        '401':
          description: Provided API key has no access to the resource.
      security:
        - bearer: []
components:
  schemas:
    CreateWithdrawalHookByApiKeyDto:
      type: object
      required:
        - name
        - targetUrl
        - events
      properties:
        name:
          type: string
          maxLength: 64
          description: Webhook name.
        targetUrl:
          type: string
          format: uri
          description: URL that receives webhook payloads.
        events:
          type: array
          items:
            $ref: '#/components/schemas/WithdrawalHookEvent'
          minItems: 1
    WithdrawalHookEntity:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        targetUrl:
          type: string
        events:
          type: array
          items:
            $ref: '#/components/schemas/WithdrawalHookEvent'
        inactive:
          type: boolean
        sharedToken:
          type: string
          description: Bearer token and HMAC key for verifying deliveries.
        createdAt:
          type: string
          format: date-time
    WithdrawalHookEvent:
      type: string
      enum:
        - SUBMITTED
        - CONFIRMED
        - FAILED
        - REFUNDED_BY_PROVIDER
  securitySchemes:
    bearer:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: Authentication using JWT token

````