> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.

# Update webhook endpoint

> Patches a webhook endpoint. URL, secret, eventTypes, isActive and metadata are each independently patchable. URL changes re-run the HTTPS + SSRF check; secret changes re-encrypt at rest; eventTypes changes re-validate against the canonical control-plane catalog. nil fields mean "leave unchanged"; an explicit empty eventTypes slice means "clear the subscription list".



## OpenAPI

````yaml en/openapi/v3-current/spb.yaml patch /v1/str/webhooks/{webhookId}
openapi: 3.1.0
info:
  contact:
    email: contact@lerian.studio
    name: Lerian Studio
    url: https://lerian.studio
  description: >-
    OpenAPI 3.1 surface for Lerian SPB, the direct integration between the
    institution and the Brazilian Payment System (SPB) over the National
    Financial System Network (RSFN). It covers the Reserve Transfer System
    (STR): message registry and capability catalog, operation lifecycle (bank
    transfers, IBS repasses, liquidity transfers, returns and cancellations),
    reserve-account and schedule queries, alçada governance, reconciliation, and
    event delivery.
  license:
    name: Lerian Studio General License
  title: Lerian SPB API
  version: 1.0.0
servers:
  - url: https://spb.sandbox.lerian.net
security: []
tags:
  - description: Immutable audit-record trails for STR operations and lifecycle events.
    name: Audit
  - description: >-
      STR capability catalog describing supported message types and their
      constraints.
    name: Capabilities
  - description: >-
      ICP-Brasil certificate inventory with hot-reloadable rotation and
      activation.
    name: Certificates
  - description: >-
      Maker-checker approval queue for emissions parked above their alçada band:
      list pending, sign (approve), and deny.
    name: EmissionApprovals
  - description: Webhook event-delivery records with retry control for failed dispatches.
    name: EventDeliveries
  - description: Operation event catalog enumerating the emitted domain event types.
    name: Events
  - description: >-
      Inbound GEN-family notice log (GEN0001 connectivity echo, GEN0004
      transmission error, GEN0005 administrative notice).
    name: GenNotices
  - description: >-
      SPB alçada governance: the value-band table and per-message-type signature
      requirements, hot-reloaded at runtime.
    name: Governance
  - description: >-
      Read raw STR message status: list messages and read a single message by
      NUOp.
    name: Messages
  - description: Aggregated operational summaries and metrics across STR operations.
    name: OperationalIntelligence
  - description: >-
      STR operation lifecycle for bank transfers and IBS repasses, including
      returns and cancellations.
    name: Operations
  - description: >-
      Service readiness state covering startup self-probes and dependency
      health.
    name: Readiness
  - description: Reconciliation cases and the actions that resolve operation discrepancies.
    name: Reconciliation
  - description: >-
      STR reports suite: synchronous, date-ranged aggregate reports (financial
      movement, rejected transactions, volumetria) over Lerian SPB's own
      transmission record.
    name: Reports
  - description: >-
      STR0013 reserve-account balance and STR0014 statement (extrato,
      message-mode) queries and their async results.
    name: ReserveQueries
  - description: >-
      GEN0019 participant responsável roster: full-replacement updates announced
      to BACEN.
    name: Responsibles
  - description: STR operating-window schedule governing when operations may be sent.
    name: Schedule
  - description: >-
      STR0001 single-party schedule queries (consulta de horários do STR) and
      their async STR0001R1 grid results.
    name: ScheduleQueries
  - description: Runtime SPB configuration settings for the STR integration.
    name: Settings
  - description: Webhook endpoint registration and management for event delivery.
    name: Webhooks
  - description: >-
      Flow (mandatory order): certificate → readiness → connectivity-test →
      submit. Activate a certificate, confirm the rail reports ready, pass a
      connectivity test, then submit an operation. Each step is its own
      resource; a submit must not be attempted before readiness passes.
    name: onboarding
  - description: >-
      Flow (mandatory order): parent operation SETTLED → return/cancel. A return
      or cancellation is a sub-resource of a settled parent operation; the
      {operationId}/{endToEndID} path segment enforces the parent structurally.
    name: lifecycle
paths:
  /v1/str/webhooks/{webhookId}:
    patch:
      tags:
        - Webhooks
      summary: Update webhook endpoint
      description: >-
        Patches a webhook endpoint. URL, secret, eventTypes, isActive and
        metadata are each independently patchable. URL changes re-run the HTTPS
        + SSRF check; secret changes re-encrypt at rest; eventTypes changes
        re-validate against the canonical control-plane catalog. nil fields mean
        "leave unchanged"; an explicit empty eventTypes slice means "clear the
        subscription list".
      operationId: updateEventWebhook
      parameters:
        - description: Webhook UUID.
          in: path
          name: webhookId
          required: true
          schema:
            description: Webhook UUID.
            examples:
              - 550e8400-e29b-41d4-a716-446655440000
            type: string
        - description: Idempotency key (canonical).
          in: header
          name: X-Idempotency
          schema:
            description: Idempotency key (canonical).
            type: string
        - description: Idempotency key (legacy alias).
          in: header
          name: X-Idempotency-Key
          schema:
            description: Idempotency key (legacy alias).
            type: string
        - description: Idempotency key TTL in seconds.
          in: header
          name: X-TTL
          schema:
            description: Idempotency key TTL in seconds.
            examples:
              - '86400'
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateWebhookEndpointRequest'
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EventWebhookEndpointEnvelope'
          description: OK
        default:
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/Detail'
          description: Error
      security:
        - BearerAuth: []
components:
  schemas:
    UpdateWebhookEndpointRequest:
      additionalProperties: false
      properties:
        eventTypes:
          description: >-
            New subscription list, re-validated against the canonical catalog.
            Omit to leave unchanged; an explicit empty array clears the
            subscription.
          items:
            type: string
          type: array
        isActive:
          description: New active flag for the endpoint. Omit to leave unchanged.
          type: boolean
        metadata:
          additionalProperties: {}
          description: New client-defined metadata. Omit to leave unchanged.
          type: object
        secret:
          description: >-
            New shared signing secret (16-512 chars); re-encrypted at rest. Omit
            to leave unchanged.
          examples:
            - whsec_0123456789abcdef
          type: string
        url:
          description: >-
            New HTTPS endpoint; re-runs the HTTPS + SSRF check. Omit to leave
            unchanged.
          examples:
            - https://example.com/webhooks/str-events
          type: string
      type: object
    EventWebhookEndpointEnvelope:
      additionalProperties: false
      properties:
        correlationId:
          description: >-
            Request-scoped correlation identifier echoing X-Request-ID, for
            pivoting from response to trace.
          examples:
            - 550e8400-e29b-41d4-a716-446655440001
          type: string
        webhook:
          $ref: '#/components/schemas/EventWebhookEndpointResponse'
          description: The created, fetched, or updated webhook endpoint.
      required:
        - webhook
        - correlationId
      type: object
    Detail:
      additionalProperties: false
      properties:
        code:
          description: >-
            Stable, machine-readable domain error code scoped to the emitting
            service (format: <SERVICE>-NNNN).
          examples:
            - ERR-0001
          type: string
        detail:
          description: >-
            A human-readable explanation specific to this occurrence of the
            problem.
          examples:
            - Property foo is required but is missing.
          type: string
        errors:
          description: Optional list of individual error details
          items:
            $ref: '#/components/schemas/ErrorDetail'
          type:
            - array
            - 'null'
        instance:
          description: >-
            A URI reference that identifies the specific occurrence of the
            problem.
          examples:
            - https://example.com/error-log/abc123
          format: uri
          type: string
        status:
          description: HTTP status code
          examples:
            - 400
          format: int64
          type: integer
        title:
          description: >-
            A short, human-readable summary of the problem type. This value
            should not change between occurrences of the error.
          examples:
            - Bad Request
          type: string
        type:
          default: about:blank
          description: A URI reference to human-readable documentation for the error.
          examples:
            - https://example.com/errors/example
          format: uri
          type: string
      type: object
    EventWebhookEndpointResponse:
      additionalProperties: false
      properties:
        createdAt:
          description: RFC3339 UTC timestamp when the endpoint was registered.
          examples:
            - '2026-06-14T12:00:00Z'
          type: string
        eventTypes:
          description: Canonical control-plane event types the endpoint is subscribed to.
          items:
            type: string
          type:
            - array
            - 'null'
        isActive:
          description: Whether the endpoint is active and eligible to receive deliveries.
          type: boolean
        messageTypes:
          description: >-
            STR message types the endpoint is subscribed to; empty for
            event-type-only subscriptions.
          items:
            type: string
          type:
            - array
            - 'null'
        metadata:
          additionalProperties: {}
          description: >-
            Client-defined key/value metadata stored with the endpoint; omitted
            when none.
          type: object
        updatedAt:
          description: RFC3339 UTC timestamp of the last endpoint update.
          examples:
            - '2026-06-14T12:00:00Z'
          type: string
        url:
          description: HTTPS endpoint that receives event deliveries.
          examples:
            - https://example.com/webhooks/str-events
          type: string
        webhookId:
          description: Webhook endpoint UUID.
          examples:
            - 550e8400-e29b-41d4-a716-446655440000
          type: string
      required:
        - webhookId
        - url
        - eventTypes
        - messageTypes
        - isActive
        - createdAt
        - updatedAt
      type: object
    ErrorDetail:
      additionalProperties: false
      properties:
        location:
          description: >-
            Where the error occurred, e.g. 'body.items[3].tags' or
            'path.thing-id'
          type: string
        message:
          description: Error message text
          type: string
        value:
          description: The value at the given location
      type: object
  securitySchemes:
    BearerAuth:
      bearerFormat: JWT
      description: JWT bearer token issued by the identity provider.
      scheme: bearer
      type: http

````