Skip to main content
POST
/
public
/
v1
/
webhooks
Create Webhook
curl --request POST \
  --url https://api.pro.daya.co/public/v1/webhooks \
  --header 'Content-Type: application/json' \
  --header 'X-Api-Key: <x-api-key>' \
  --data '
{
  "url": "<string>",
  "events": [
    {}
  ],
  "description": "<string>"
}
'
{
  "success": true,
  "message": "Webhook created successfully",
  "data": {
    "id": "770e8400-e29b-41d4-a716-446655440000",
    "url": "https://example.com/webhooks/daya",
    "description": "Order and trade notifications",
    "events": ["order.filled", "order.cancelled", "trade.executed"],
    "status": "active",
    "secret": "a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456",
    "failure_count": 0,
    "last_success_at": null,
    "last_failure_at": null,
    "last_failure_reason": null,
    "created_at": "2024-01-15T10:00:00Z",
    "updated_at": "2024-01-15T10:00:00Z"
  },
  "timestamp": "2024-01-15T10:00:00Z"
}

Overview

Create a new webhook endpoint to receive order and trade event notifications. The webhook secret is only returned once at creation, so make sure to store it securely.

Authentication

X-Api-Key
string
required
Your API key with Write scope
X-Api-Key: daya_sk_YOUR_API_KEY

Request Body

url
string
required
Webhook endpoint URL (must be HTTPS in production)Example: https://example.com/webhooks/daya
events
array
required
Events to subscribe to (at least one required)Allowed values: order.created, order.filled, order.partially_filled, order.cancelled, order.rejected, trade.executed
description
string
Optional description for the webhookExample: My order notifications

Request Examples

curl --request POST \
  --url 'https://api.pro.daya.co/public/v1/webhooks' \
  --header 'X-Api-Key: daya_sk_YOUR_API_KEY' \
  --header 'Content-Type: application/json' \
  --data '{
    "url": "https://example.com/webhooks/daya",
    "events": ["order.filled", "order.cancelled", "trade.executed"],
    "description": "Order and trade notifications"
  }'

Response

success
boolean
required
Indicates if the request was successful
message
string
required
Human-readable response message
data
object
required
Created webhook with secret

Success Response

{
  "success": true,
  "message": "Webhook created successfully",
  "data": {
    "id": "770e8400-e29b-41d4-a716-446655440000",
    "url": "https://example.com/webhooks/daya",
    "description": "Order and trade notifications",
    "events": ["order.filled", "order.cancelled", "trade.executed"],
    "status": "active",
    "secret": "a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456",
    "failure_count": 0,
    "last_success_at": null,
    "last_failure_at": null,
    "last_failure_reason": null,
    "created_at": "2024-01-15T10:00:00Z",
    "updated_at": "2024-01-15T10:00:00Z"
  },
  "timestamp": "2024-01-15T10:00:00Z"
}
The secret is a 64-character hex string (32 bytes). This is the raw secret used for HMAC-SHA256 signature verification.

Error Responses

{
  "success": false,
  "message": "Validation error",
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "URL must be a valid HTTPS URL"
  }
}

Available Events

EventDescription
order.createdNew order accepted by matching engine
order.filledOrder completely filled
order.partially_filledOrder partially executed
order.cancelledOrder cancelled
order.rejectedOrder rejected
trade.executedTrade executed involving your order

Important Notes

Store your webhook secret securely! The secret field is only returned once when the webhook is created. If you lose it, you’ll need to rotate the secret.
Webhook URLs must use HTTPS in production. HTTP is only allowed for local development testing.

Rate Limits

  • 100 requests per minute per API key
  • Maximum 5 webhooks per account

Next Steps

Webhook Verification

Learn how to verify webhook signatures

Webhook Events

See event payload details

List Webhooks

View all your webhooks

Update Webhook

Update webhook configuration