Webhook Management API
Version 1.0 — November 2025
Authentication - Login API
To access the GraphQL APIs, users must first authenticate using the Xemelgo Login REST API.
Endpoint Details
- URL:
https://rest.api.xemelgo.com/login - Method:
POST
Properties
| Property | Type | Description | Required |
|---|---|---|---|
email | String | base64 Encoded email id for user | Yes |
password | String | base64 encoded password for user | Yes |
Password needs to be a minimum of 8 characters and should have a number in it.
Request Body
{
"email": "base64_encoded_email",
"password": "base64_encoded_password"
}
StatusCode - 200 on success
Response Body
{
"AccessToken": "$accessToken",
"ExpiresIn": 480,
"TokenType": "Bearer",
"RefreshToken": "$refreshToken",
"IdToken": "$idToken"
}
Use the $idToken as the authorization header for all API requests.
Errors
| Error | Error code | Exception |
|---|---|---|
| In correct username and/or password | 400 | NotAuthorizedException |
Register Webhook API
Register Webhook API allows you to subscribe to specific event topics and receive webhook notifications at your endpoint when those events occur.
Endpoint Details
- URL:
https://api.xemelgo.com/graphql - Method:
POST
Properties
| Property | Type | Description | Required |
|---|---|---|---|
endpoint | String | The HTTPS endpoint URL where webhook events should be sent | Yes |
secret | String | Secret key used to verify webhook signatures. Must be greater than 24 characters | Yes |
topics | [String] | Array of topic strings to subscribe to (e.g., ["inventory.cycle_count"]) | Yes |
Headers
Authorization – $idToken
Request Body
mutation {
registerWebhook(
input: {
topics: ["inventory.cycle_count"]
secret: "your-secret-key-must-be-longer-than-24-characters"
endpoint: "https://ab1d316d1bbe.ngrok-free.app"
}
) {
webhook {
id
topics
endpoint
creationDate
}
}
}
Status Code - 200
Response Body
{
"data": {
"registerWebhook": {
"webhook": {
"id": "webhook-12345",
"topics": ["inventory.cycle_count"],
"endpoint": "https://ab1d316d1bbe.ngrok-free.app",
"creationDate": 1704067200000
}
}
}
}
Response consists of the created webhook subscription with its unique identifier, subscribed topics, endpoint, and creation timestamp.
Errors
| Error | Error code | Exception |
|---|---|---|
Expired token | 401 | Unauthorized |
Invalid token | 401 | Unauthorized |
Missing Authorization Header | 401 | Unauthorized |
Error Response Examples
Expired Token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Token has expired."
}
]
}
Invalid token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Unable to parse JWT token"
}
]
}
Missing Authorization Header
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "User is not authorized to make this call."
}
]
}
Unregister Webhook API
Unregister Webhook API allows you to delete a webhook subscription by its ID, stopping all future webhook deliveries for that subscription.
Endpoint Details
- URL:
https://api.xemelgo.com/graphql - Method:
POST
Properties
| Property | Type | Description | Required |
|---|---|---|---|
id | ID | The unique identifier of the webhook to delete | Yes |
Headers
Authorization – $idToken
Request Body
mutation {
unregisterWebhook(input: { id: "webhook-12345" }) {
webhook {
id
topics
endpoint
creationDate
}
}
}
Status Code - 200
Response Body
{
"data": {
"unregisterWebhook": {
"webhook": {
"id": "webhook-12345",
"topics": ["inventory.cycle_count"],
"endpoint": "https://ab1d316d1bbe.ngrok-free.app",
"creationDate": 1704067200000
}
}
}
}
Response consists of the deleted webhook subscription details.
Errors
| Error | Error code | Exception |
|---|---|---|
Expired token | 401 | Unauthorized |
Invalid token | 401 | Unauthorized |
Missing Authorization Header | 401 | Unauthorized |
Error Response Examples
Expired Token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Token has expired."
}
]
}
Invalid token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Unable to parse JWT token"
}
]
}
Missing Authorization Header
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "User is not authorized to make this call."
}
]
}
List Webhooks API
List Webhooks API allows you to retrieve all registered webhook subscriptions for your account.
Endpoint Details
- URL:
https://api.xemelgo.com/graphql - Method:
POST
Response Properties
| Property | Type | Description |
|---|---|---|
webhooks | [WebhookSubscription] | Array of webhook subscription objects |
WebhookSubscription Properties
| Property | Type | Description |
|---|---|---|
id | String | Unique identifier for the webhook subscription |
endpoint | String | The HTTPS endpoint URL where events are sent |
topics | [String] | Array of topic strings the webhook is subscribed to |
creationDate | AWSTimestamp | Timestamp when the webhook subscription was created |
Headers
Authorization – $idToken
Request Body
query {
webhooks {
webhooks {
id
endpoint
topics
creationDate
}
}
}
Status Code - 200
Response Body
{
"data": {
"webhooks": {
"webhooks": [
{
"id": "webhook-12345",
"endpoint": "https://ab1d316d1bbe.ngrok-free.app",
"topics": ["inventory.cycle_count"],
"creationDate": 1704067200000
},
{
"id": "webhook-67890",
"endpoint": "https://example.com/webhooks",
"topics": ["inventory.cycle_count"],
"creationDate": 1704153600000
}
]
}
}
}
Response consists of a list of all registered webhook subscriptions.
Errors
| Error | Error code | Exception |
|---|---|---|
Expired token | 401 | Unauthorized |
Invalid token | 401 | Unauthorized |
Missing Authorization Header | 401 | Unauthorized |
Error Response Examples
Expired Token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Token has expired."
}
]
}
Invalid token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Unable to parse JWT token"
}
]
}
Missing Authorization Header
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "User is not authorized to make this call."
}
]
}
Webhook Management Postman Collection
{
"info": {
"_postman_id": "webhook-management-collection",
"name": "Webhook Management Collection",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
"_exporter_id": "14257901"
},
"item": [
{
"name": "Login",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
"var emailId = \"base 64 encoded email\";",
"var pass = \"base 64 encoded password\";",
"",
"pm.environment.set(\"email\", btoa(emailId));",
"pm.environment.set(\"password\", btoa(pass));"
],
"type": "text/javascript",
"packages": {}
}
},
{
"listen": "test",
"script": {
"exec": [
"var jsonData = JSON.parse(responseBody);",
"pm.environment.set(\"token\", jsonData.IdToken);"
],
"type": "text/javascript",
"packages": {}
}
}
],
"request": {
"auth": {
"type": "noauth"
},
"method": "POST",
"header": [
{
"key": "scenario",
"value": "1",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\n \"email\": \"{{email}}\",\n \"password\": \"{{password}}\"\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "https://rest.api.xemelgo.com/login",
"protocol": "https",
"host": ["rest", "api", "xemelgo", "com"],
"path": ["login"]
}
},
"response": []
},
{
"name": "Register Webhook",
"request": {
"auth": {
"type": "noauth"
},
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "{{token}}",
"type": "text"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "mutation {\n registerWebhook(\n input: {\n topics: [\"inventory.cycle_count\"]\n secret: \"your-secret-key-must-be-longer-than-24-characters\"\n endpoint: \"https://ab1d316d1bbe.ngrok-free.app\"\n }\n ) {\n webhook {\n id\n topics\n endpoint\n creationDate\n }\n }\n}",
"variables": ""
}
},
"url": {
"raw": "https://api.xemelgo.com/graphql",
"protocol": "https",
"host": ["api", "xemelgo", "com"],
"path": ["graphql"]
}
},
"response": []
},
{
"name": "List Webhooks",
"request": {
"auth": {
"type": "noauth"
},
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "{{token}}",
"type": "text"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "query {\n webhooks {\n webhooks {\n id\n endpoint\n topics\n creationDate\n }\n }\n}",
"variables": ""
}
},
"url": {
"raw": "https://api.xemelgo.com/graphql",
"protocol": "https",
"host": ["api", "xemelgo", "com"],
"path": ["graphql"]
}
},
"response": []
},
{
"name": "Unregister Webhook",
"request": {
"auth": {
"type": "noauth"
},
"method": "POST",
"header": [
{
"key": "Authorization",
"value": "{{token}}",
"type": "text"
}
],
"body": {
"mode": "graphql",
"graphql": {
"query": "mutation {\n unregisterWebhook(\n input: {\n id: \"webhook-12345\"\n }\n ) {\n webhook {\n id\n topics\n endpoint\n creationDate\n }\n }\n}",
"variables": ""
}
},
"url": {
"raw": "https://api.xemelgo.com/graphql",
"protocol": "https",
"host": ["api", "xemelgo", "com"],
"path": ["graphql"]
}
},
"response": []
}
]
}