> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dev.gojinko.com/llms.txt
> Use this file to discover all available pages before exploring further.

# register-webhook

> Register a callback URL to receive signed booking lifecycle events

Subscribe an HTTPS endpoint to `booking.completed` / `booking.failed`. The response includes the HMAC signing **secret once**: store it; later reads only show a prefix. Jinko POSTs each event signed with `X-Jinko-Signature: sha256=<hex>` over `"<X-Jinko-Timestamp>.<raw body>"`. See the [Webhooks guide](/guides/webhooks) for payloads and signature verification.


## OpenAPI

````yaml api-reference/public-api.yaml POST /v1/webhooks
openapi: 3.0.0
info:
  title: Jinko Public API
  version: 0.1.0
  description: >-
    Curated public REST surface for Jinko. Authenticated with jnk_ API keys. See
    https://docs.gojinko.com for guides.
servers: []
security: []
paths:
  /v1/webhooks:
    post:
      tags:
        - Webhooks
      summary: Register a webhook endpoint for booking lifecycle events
      description: >-
        Subscribe a callback URL to `booking.completed` / `booking.failed`. The
        response includes the HMAC signing secret ONCE. Deliveries are signed
        with `X-Jinko-Signature: sha256=<hex>` over `"<X-Jinko-Timestamp>.<raw
        body>"`.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateWebhookRequest'
      responses:
        '201':
          description: Webhook registered (secret shown once)
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WebhookCreatedResponse'
        '400':
          description: Bad request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error:
                  code: BAD_REQUEST
                  message: Malformed JSON in request body.
                  doc_url: https://docs.gojinko.com/concepts/errors
        '401':
          description: Authentication required
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error:
                  code: AUTH_REQUIRED
                  message: Invalid or expired API key.
                  doc_url: https://docs.gojinko.com/api-reference/authentication
        '422':
          description: Validation error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error:
                  code: BAD_REQUEST
                  message: >-
                    origins: origins is required; trip_type: trip_type is
                    required
                  doc_url: https://docs.gojinko.com/concepts/errors
        '429':
          description: Rate limit or quota exceeded
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error:
                  code: RATE_LIMITED
                  message: Rate limit or quota exceeded.
                  doc_url: https://docs.gojinko.com/concepts/errors
        '502':
          description: Upstream service error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error:
                  code: UPSTREAM_ERROR
                  message: Upstream travel provider returned an error. Please retry.
                  doc_url: https://docs.gojinko.com/concepts/errors
      security:
        - ApiKeyAuth: []
        - BearerAuth: []
components:
  schemas:
    CreateWebhookRequest:
      type: object
      properties:
        url:
          type: string
          format: uri
          example: https://partner.example.com/jinko/webhooks
        events:
          type: array
          items:
            $ref: '#/components/schemas/WebhookEvent'
          minItems: 1
          example:
            - booking.completed
            - booking.failed
      required:
        - url
        - events
      example:
        url: https://partner.example.com/jinko/webhooks
        events:
          - booking.completed
          - booking.failed
    WebhookCreatedResponse:
      type: object
      properties:
        id:
          type: number
          example: 42
        url:
          type: string
          example: https://partner.example.com/jinko/webhooks
        events:
          type: array
          items:
            type: string
          example:
            - booking.completed
        secret:
          type: string
          description: >-
            HMAC signing secret. Returned ONCE — store it securely; later reads
            show only a prefix.
          example: whsec_3f9a…
        status:
          type: string
          example: active
        created_at:
          type: string
          example: '2026-06-02T08:00:00Z'
      required:
        - id
        - url
        - events
        - secret
        - status
        - created_at
    ErrorResponse:
      type: object
      properties:
        error:
          type: object
          properties:
            code:
              type: string
            message:
              type: string
            doc_url:
              type: string
          required:
            - code
            - message
      required:
        - error
    WebhookEvent:
      type: string
      enum:
        - booking.completed
        - booking.failed
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
    BearerAuth:
      type: http
      scheme: bearer

````