Create a webhook endpoint
Registers an HTTPS URL to receive event notifications. The response includes the HMAC secret (used to verify the X-Passlet-Signature header on deliveries) and the simpleToken sent as X-Webhook-Token — both are shown only once, at creation time.
Requires the webhooks:write scope on the access token.
Authorizations
Passlet access token (plt_*) sent as Authorization: Bearer <token> or X-API-Key. Authorized scopes are listed per operation under x-required-scopes.
Body
Webhook delivery URL
Events to subscribe to
1pass.issued, pass.updated, pass.voided, pass.failed, pass.scanned, pass.scan.reversed Optional human-readable label
255Response
Created
Webhook endpoint identifier
^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$Webhook delivery URL
Events to receive
1pass.issued, pass.updated, pass.voided, pass.failed, pass.scanned, pass.scan.reversed Whether the endpoint is active
ISO 8601 timestamp
^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$HMAC secret (shown only once)
Simple verification token for X-Webhook-Token header (for Power Automate)
Optional human-readable label for the endpoint
255