> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fyatu.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List Webhooks

> Retrieve all webhook endpoints for your business. GET /webhooks. Requires webhooks:read scope.

## Overview

Returns all non-deleted webhook endpoints for your business in the current environment, along with delivery health statistics for each.

## Query Parameters

| Parameter | Type    | Default | Description                |
| --------- | ------- | ------- | -------------------------- |
| `limit`   | integer | 20      | Results per page (max 100) |
| `offset`  | integer | 0       | Number of records to skip  |

## Example

<CodeGroup>
  ```bash cURL theme={null}
  curl https://api.fyatu.com/api/v3.20/webhooks \
    -H "Authorization: Bearer $FYATU_API_KEY"
  ```

  ```javascript Node.js theme={null}
  const resp = await fetch('https://api.fyatu.com/api/v3.20/webhooks', {
    headers: { 'Authorization': `Bearer ${process.env.FYATU_API_KEY}` }
  });
  const body = await resp.json();
  for (const wh of body.data) {
    console.log(wh.webhookId, wh.status, `${wh.failureCount} failures`);
  }
  ```

  ```python Python theme={null}
  import os, requests

  resp = requests.get(
      'https://api.fyatu.com/api/v3.20/webhooks',
      headers={'Authorization': f'Bearer {os.environ["FYATU_API_KEY"]}'}
  )
  body = resp.json()
  for wh in body['data']:
      print(wh['webhookId'], wh['status'], f"{wh['failureCount']} failures")
  ```
</CodeGroup>

## Success Response (200)

```json theme={null}
{
  "success": true,
  "status":  200,
  "message": "Webhooks retrieved",
  "data": [
    {
      "webhookId":          "whk_01HXYZ7777ABCDEF4444",
      "url":                "https://yourapp.com/webhooks/fyatu",
      "description":        "Production card events",
      "events":             ["CARD_ISSUED", "TRANSACTION_AUTHORIZED"],
      "status":             "ACTIVE",
      "secretPrefix":       "whsec_a1b2c3",
      "failureCount":       0,
      "lastDeliveryAt":     "2026-05-22T14:30:00Z",
      "lastDeliveryStatus": "SUCCESS",
      "totalDeliveries":    142,
      "totalFailures":      1,
      "createdAt":          "2026-05-01T09:00:00Z",
      "updatedAt":          "2026-05-22T14:30:00Z"
    }
  ],
  "pagination": {
    "total":   2,
    "limit":   20,
    "offset":  0,
    "hasMore": false
  },
  "meta": {
    "requestId":  "req_01HXY123456ABCDEF",
    "platform": "Fyatu CaaS",
    "timestamp":  "2026-05-22T15:00:00Z"
  }
}
```

## Error Codes

| Code                 | HTTP | Cause                           |
| -------------------- | ---- | ------------------------------- |
| `INSUFFICIENT_SCOPE` | 403  | Key lacks `webhooks:read` scope |


## OpenAPI

````yaml v3.20/openapi.json GET /webhooks
openapi: 3.1.0
info:
  title: FYATU CaaS API v3.20
  description: >-
    FYATU Cards-as-a-Service API â€” API key authentication, Cardholder
    lifecycle, Card issuance, Transactions, Webhooks, and Programs.
  version: 3.20.0
  contact:
    name: FYATU Support
    url: https://fyatu.com
    email: support@fyatu.com
servers:
  - url: https://api.fyatu.com/api/v3.20
    description: >-
      FYATU CaaS API â€” the environment (LIVE or SANDBOX) is determined by the
      API key, not the URL
security:
  - BearerAuth: []
tags:
  - name: Meta
    description: Liveness, account info, and supported event types
  - name: Account
    description: Account-level balance and funding status
  - name: Programs
    description: Read card program configuration
  - name: Cardholders
    description: Create and manage cardholder profiles
  - name: Cards
    description: Issue, fund, freeze, and terminate virtual cards
  - name: Transactions
    description: Read-only card transaction history
  - name: Webhooks
    description: Manage webhook endpoints for real-time event delivery
  - name: Products
    description: Read card product configurations
paths:
  /webhooks:
    get:
      tags:
        - Webhooks
      summary: List webhooks
      description: Returns all webhook endpoints for the current environment.
      operationId: listWebhooks
      parameters:
        - name: limit
          in: query
          schema:
            type: integer
            minimum: 1
            maximum: 100
            default: 20
        - name: offset
          in: query
          schema:
            type: integer
            minimum: 0
            default: 0
      responses:
        '200':
          description: Webhooks retrieved
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WebhookListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '429':
          $ref: '#/components/responses/RateLimitExceeded'
        '500':
          $ref: '#/components/responses/InternalError'
components:
  schemas:
    WebhookListResponse:
      type: object
      properties:
        success:
          type: boolean
          example: true
        status:
          type: integer
          example: 200
        message:
          type: string
          example: Webhooks retrieved
        data:
          type: array
          items:
            $ref: '#/components/schemas/Webhook'
        pagination:
          $ref: '#/components/schemas/Pagination'
        meta:
          $ref: '#/components/schemas/Meta'
    Webhook:
      type: object
      properties:
        webhookId:
          type: string
          example: whk_01HXYZ7777ABCDEF4444
        url:
          type: string
          format: uri
          example: https://yourapp.com/webhooks/fyatu
        description:
          type: string
          nullable: true
          example: Production card events
        events:
          type: array
          items:
            type: string
            enum:
              - CARD_ISSUED
              - CARD_FROZEN
              - CARD_UNFROZEN
              - CARD_TERMINATED
              - CARD_TERMINATION_REFUND
              - CARD_TERMINATION_REFUND_POST
              - CARD_FUNDED
              - CARD_UNLOADED
              - CARD_FUND_FAILED
              - CARD_UNLOAD_FAILED
              - CARDHOLDER_CREATED
              - CARDHOLDER_UPDATED
              - CARDHOLDER_SUSPENDED
              - CARDHOLDER_REACTIVATED
              - CARDHOLDER_TERMINATED
              - CARDHOLDER_KYC_SUBMITTED
              - CARDHOLDER_KYC_SUBMISSION_FAILED
              - CARDHOLDER_KYC_APPROVED
              - CARDHOLDER_KYC_REJECTED
              - CARDHOLDER_KYC_REVIEW_PENDING
              - PROGRAM_CREATED
              - PROGRAM_PAUSED
              - PROGRAM_RESUMED
              - PROGRAM_CLOSED
              - PROGRAM_BALANCE_LOW
              - PROGRAM_BALANCE_FUNDED
              - PROGRAM_WITHDRAWAL_INITIATED
              - PROGRAM_WITHDRAWAL_COMPLETED
              - PROGRAM_WITHDRAWAL_FAILED
              - TRANSACTION_PROCESSED
              - TRANSACTION_AUTHORIZED
              - TRANSACTION_CLEARED
              - TRANSACTION_REVERSED
              - TRANSACTION_DECLINED
              - TRANSACTION_FEE
              - BILLING_INVOICE_CREATED
              - BILLING_INVOICE_PAID
              - BILLING_INVOICE_OVERDUE
              - BILLING_DEPOSIT_DETECTED
              - BILLING_DEPOSIT_CONFIRMED
          example:
            - CARD_ISSUED
            - TRANSACTION_AUTHORIZED
        status:
          type: string
          enum:
            - ACTIVE
            - DISABLED
          example: ACTIVE
        secretPrefix:
          type: string
          description: First 12 characters of the signing secret
          example: whsec_a1b2c3
        failureCount:
          type: integer
          example: 0
        lastDeliveryAt:
          type: string
          format: date-time
          nullable: true
          example: '2026-05-22T14:30:00Z'
        lastDeliveryStatus:
          type: string
          nullable: true
          example: SUCCESS
        totalDeliveries:
          type: integer
          example: 45
        totalFailures:
          type: integer
          example: 0
        createdAt:
          type: string
          format: date-time
          example: '2026-05-01T09:00:00Z'
        updatedAt:
          type: string
          format: date-time
          example: '2026-05-10T14:23:00Z'
    Pagination:
      type: object
      properties:
        total:
          type: integer
          example: 47
        limit:
          type: integer
          example: 20
        offset:
          type: integer
          example: 0
        hasMore:
          type: boolean
          example: true
    Meta:
      type: object
      properties:
        requestId:
          type: string
          example: req_a1b2c3d4e5f6a7b8c9d0e1f2
        platform:
          type: string
          example: Fyatu CaaS
        timestamp:
          type: string
          format: date-time
          example: '2026-05-22T15:00:00Z'
    Error:
      type: object
      properties:
        success:
          type: boolean
          example: false
        status:
          type: integer
          example: 422
        message:
          type: string
          example: Human readable message
        error:
          $ref: '#/components/schemas/ErrorBody'
        meta:
          $ref: '#/components/schemas/Meta'
    ErrorBody:
      type: object
      properties:
        code:
          type: string
          example: VALIDATION_ERROR
        detail:
          type: string
          example: dateOfBirth must be in YYYY-MM-DD format
  responses:
    Unauthorized:
      description: Missing or invalid API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          examples:
            missing:
              summary: API key missing
              value:
                success: false
                status: 401
                message: API key is required
                error:
                  code: AUTH_TOKEN_MISSING
                  detail: API key is required
                meta:
                  requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
                  platform: Fyatu CaaS
                  timestamp: '2026-05-22T15:00:00Z'
            invalid:
              summary: API key invalid
              value:
                success: false
                status: 401
                message: Invalid API key
                error:
                  code: AUTH_TOKEN_INVALID
                  detail: Invalid API key
                meta:
                  requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
                  platform: Fyatu CaaS
                  timestamp: '2026-05-22T15:00:00Z'
    Forbidden:
      description: Scope denied or business suspended
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            success: false
            status: 403
            message: Scope denied
            error:
              code: INSUFFICIENT_SCOPE
              detail: This endpoint requires the cards:write scope
            meta:
              requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
              platform: Fyatu CaaS
              timestamp: '2026-05-22T15:00:00Z'
    RateLimitExceeded:
      description: Rate limit exceeded
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            success: false
            status: 429
            message: Rate limit exceeded
            error:
              code: RATE_LIMIT_EXCEEDED
              detail: Too many requests
            meta:
              requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
              platform: Fyatu CaaS
              timestamp: '2026-05-22T15:00:00Z'
    InternalError:
      description: Unexpected server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            success: false
            status: 500
            message: Internal error
            error:
              code: INTERNAL_ERROR
              detail: An unexpected error occurred
            meta:
              requestId: req_a1b2c3d4e5f6a7b8c9d0e1f2
              platform: Fyatu CaaS
              timestamp: '2026-05-22T15:00:00Z'
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      description: >-
        API key from the FYATU CaaS portal. Pass as `Authorization: Bearer
        <key>`.

````