Skip to main content
Use this endpoint to register a URL where Shogun will deliver real-time event notifications. Once your webhook is configured, Shogun sends an HTTP POST request to your endpoint each time a subscribed event occurs — such as an inbound payment being received or a transfer completing. You can optionally restrict delivery to specific source IP addresses using the ip_whitelist field.

Endpoint

POST /api/v1/customer/web/webhook_configuration

Authentication

All requests must include a valid Dashboard Bearer token in the Authorization header.
HeaderTypeRequiredDescription
AuthorizationstringYesBearer <token> — obtain from Login
Content-TypestringYesapplication/json

Request Body

url
string
required
The publicly accessible HTTPS URL where Shogun will POST event payloads. Must be a valid URI (e.g., https://yourapp.com/webhooks/shogun).
ip_whitelist
array of strings
An optional list of IP addresses permitted to trigger webhook delivery. When provided, only requests originating from these IPs are forwarded. Maximum 255 characters per entry.

Example Request Body

{
  "url": "https://yourapp.com/webhooks/shogun",
  "ip_whitelist": [
    "197.210.55.12",
    "41.58.100.200"
  ]
}

Response

A successful response returns your webhook configuration with a system-assigned id.
FieldTypeDescription
idstring (uuid)Unique identifier for this webhook configuration
urlstringThe registered destination URL
ip_whitelistarray of stringsIP addresses whitelisted for this webhook
created_atstring (ISO 8601)Timestamp when the webhook was created
updated_atstring (ISO 8601)Timestamp of the last update

Success

{
  "status": true,
  "response_code": "00",
  "message": "Webhook created successfully",
  "data": {
    "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "url": "https://yourapp.com/webhooks/shogun",
    "ip_whitelist": ["197.210.55.12"],
    "created_at": "2026-04-28T10:00:00Z",
    "updated_at": "2026-04-28T10:00:00Z"
  }
}

Example

curl --request POST \
  --url https://baasapi.payrepmfb.com/api/v1/customer/web/webhook_configuration \
  --header 'Authorization: Bearer <your_dashboard_token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "url": "https://yourapp.com/webhooks/shogun",
    "ip_whitelist": ["197.210.55.12"]
  }'
Shogun signs every webhook payload with a secret so you can verify that the delivery originated from Shogun and was not tampered with in transit. Validate the signature on every inbound request before processing the payload. Refer to the Webhooks guide for signature verification details.