> ## Documentation Index
> Fetch the complete documentation index at: https://docs.didit.me/llms.txt
> Use this file to discover all available pages before exploring further.

# List Webhook Destinations

> List all webhook destinations (unpaginated array, oldest first). Each row includes URL, subscribed events, and delivery health metrics. The signing secret is NOT included in the list — fetch a single destination (`GET /v3/webhook/destinations/{destination_uuid}/`) to read `secret_shared_key`.

export const AgentPromptAccordion = ({prompt, title = "AI Agent Integration Prompt"}) => {
  const [copied, setCopied] = React.useState(false);
  const handleCopy = e => {
    e.stopPropagation();
    if (!prompt) return;
    navigator.clipboard.writeText(prompt.trim()).then(() => {
      setCopied(true);
      setTimeout(() => setCopied(false), 2000);
    });
  };
  const agents = ["Claude Code", "Codex", "Cursor", "Devin", "Windsurf", "GitHub Copilot"];
  return <div className="didit-agent-card">
      {}
      <div className="didit-agent-titlebar">
        <div className="didit-agent-dots" aria-hidden="true">
          <span className="didit-agent-dot didit-agent-dot-red"></span>
          <span className="didit-agent-dot didit-agent-dot-yellow"></span>
          <span className="didit-agent-dot didit-agent-dot-green"></span>
        </div>
        <span className="didit-agent-filename">{title}</span>
        <button type="button" className={`didit-agent-copy ${copied ? "didit-agent-copy-copied" : ""}`} onClick={handleCopy} title="Copy prompt to clipboard" aria-label={copied ? "Copied!" : "Copy prompt to clipboard"}>
          {copied ? <>
              <svg width="13" height="13" viewBox="0 0 16 16" fill="none">
                <path d="M3 8.5l3.5 3.5L13 4" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round" />
              </svg>
              <span>Copied</span>
            </> : <>
              <svg width="13" height="13" viewBox="0 0 16 16" fill="none">
                <rect x="5" y="5" width="9" height="9" rx="1.5" stroke="currentColor" strokeWidth="1.5" />
                <path d="M11 5V3.5A1.5 1.5 0 0 0 9.5 2h-6A1.5 1.5 0 0 0 2 3.5v6A1.5 1.5 0 0 0 3.5 11H5" stroke="currentColor" strokeWidth="1.5" />
              </svg>
              <span>Copy</span>
            </>}
        </button>
      </div>

      {}
      <pre className="didit-agent-body"><code>{prompt.trim()}</code></pre>

      {}
      <div className="didit-agent-footer">
        <span className="didit-agent-footer-label">Paste into</span>
        <div className="didit-agent-chips">
          {agents.map(name => <span key={name} className="didit-agent-chip">{name}</span>)}
        </div>
      </div>
    </div>;
};

<AgentPromptAccordion
  title="List Webhook Destinations API Prompt"
  prompt={`List every webhook destination configured for my Didit application through the Management API.

Endpoint:
GET https://verification.didit.me/v3/webhook/destinations/

Authentication:
Use the x-api-key header with my Didit API key.

Goal:
- Get every webhook destination (URL, version, subscribed events, delivery health) for my application. Use this to build a back-office "Webhooks" screen or to audit which destinations are receiving which events.

Behavior:
- Returns a JSON array (not paginated) of destinations ordered by created_at.
- secret_shared_key is included only for API keys that hold the read:webhooks permission; otherwise it is returned as an empty string. The audited create response is still the safest place to capture the secret — treat the create response as your one chance to store it.
- Each destination carries a delivery summary (total_deliveries, failed_deliveries, error_rate_percentage, min/avg/max response_time_ms, last_delivery_at) — use error_rate_percentage to flag unhealthy destinations.

Example call:
curl -X GET "https://verification.didit.me/v3/webhook/destinations/" \\
-H "x-api-key: YOUR_API_KEY"

What to read from the response:
- uuid — destination id; use as {destination_uuid} in subsequent calls.
- url, label, enabled — basic config.
- webhook_version — payload schema version ("v1", "v2", or "v3"; v3 is current).
- subscribed_events — list of event names this destination receives. There is no wildcard.
- summary.error_rate_percentage — useful health signal.

Failure modes:
- 401 — missing or malformed x-api-key.
- 403 — canonical { "detail": "You do not have permission to perform this action." } envelope.
- 429 — rate limited; back off and retry.

Side effects: none. This is a pure read.

For the full integration shape, see /integration/integration-prompt.`}
/>


## OpenAPI

````yaml GET /v3/webhook/destinations/
openapi: 3.0.0
info:
  version: 3.0.0
  title: Didit Verification API
  description: Identity verification API. Authenticate with x-api-key header.
servers:
  - url: https://verification.didit.me
security: []
tags: []
paths:
  /v3/webhook/destinations/:
    get:
      tags:
        - Webhook
      summary: List webhook destinations
      description: >-
        List all webhook destinations (unpaginated array, oldest first). Each
        row includes URL, subscribed events, and delivery health metrics. The
        signing secret is NOT included in the list — fetch a single destination
        (`GET /v3/webhook/destinations/{destination_uuid}/`) to read
        `secret_shared_key`.
      operationId: list_webhook_destinations
      responses:
        '200':
          description: List of webhook destinations (unpaginated, oldest first).
          content:
            application/json:
              schema:
                type: array
                items:
                  type: object
                  properties:
                    uuid:
                      type: string
                      format: uuid
                      description: >-
                        Stable destination identifier; use as
                        `{destination_uuid}` for update/delete.
                    label:
                      type: string
                      description: Human-readable name shown in the Console.
                    url:
                      type: string
                      format: uri
                      description: >-
                        Destination URL that receives `POST` requests with the
                        webhook payload.
                    enabled:
                      type: boolean
                      description: >-
                        When `false`, Didit silently skips delivery to this
                        destination.
                    webhook_version:
                      type: string
                      enum:
                        - v1
                        - v2
                        - v3
                      description: >-
                        Payload schema version sent to this destination. `v3` is
                        the current/recommended format.
                    subscribed_events:
                      $ref: '#/components/schemas/WebhookSubscribedEvents'
                    subscribed_events_count:
                      type: integer
                      description: >-
                        Cached length of `subscribed_events`, useful for UI
                        rendering.
                    deliveries_count:
                      type: integer
                      description: >-
                        Total delivery attempts (successful + failed) recorded
                        for this destination.
                    failed_deliveries_count:
                      type: integer
                      description: >-
                        Delivery attempts whose target responded with HTTP ≥ 400
                        (or did not respond).
                    average_response_time_ms:
                      type: integer
                      nullable: true
                      description: >-
                        Average target response time in milliseconds, rounded to
                        an integer. `null` if no deliveries yet.
                    error_rate_percentage:
                      type: integer
                      description: >-
                        `round(failed_deliveries_count / deliveries_count *
                        100)`; `0` when there are no deliveries.
                    last_delivery_at:
                      type: string
                      format: date-time
                      nullable: true
                      description: >-
                        Timestamp of the most recent delivery attempt (success
                        or failure). `null` if never delivered.
                    created_at:
                      type: string
                      format: date-time
                    updated_at:
                      type: string
                      format: date-time
              examples:
                Two destinations:
                  value:
                    - uuid: 11111111-2222-3333-4444-555555555555
                      label: Production session webhooks
                      url: https://yourapp.com/webhooks/didit
                      enabled: true
                      webhook_version: v3
                      subscribed_events:
                        - status.updated
                        - data.updated
                      subscribed_events_count: 2
                      deliveries_count: 12453
                      failed_deliveries_count: 14
                      average_response_time_ms: 187
                      error_rate_percentage: 0
                      last_delivery_at: '2026-05-17T09:21:18Z'
                      created_at: '2026-01-04T08:00:00Z'
                      updated_at: '2026-04-22T14:09:11Z'
                    - uuid: 22222222-3333-4444-5555-666666666666
                      label: Staging mirror
                      url: https://staging.yourapp.com/webhooks/didit
                      enabled: false
                      webhook_version: v3
                      subscribed_events:
                        - status.updated
                      subscribed_events_count: 1
                      deliveries_count: 0
                      failed_deliveries_count: 0
                      average_response_time_ms: null
                      error_rate_percentage: 0
                      last_delivery_at: null
                      created_at: '2026-03-12T10:15:02Z'
                      updated_at: '2026-03-12T10:15:02Z'
        '403':
          description: >-
            API key missing, malformed, expired, or scoped to a different
            application. Didit returns 403 (never 401) for all authentication
            failures on this endpoint.
          content:
            application/json:
              examples:
                Forbidden:
                  value:
                    detail: You do not have permission to perform this action.
        '429':
          description: Rate limit exceeded; back off and retry.
          content:
            application/json:
              examples:
                Throttled:
                  value:
                    detail: Request was throttled. Expected available in 30 seconds.
      security:
        - ApiKeyAuth: []
      x-codeSamples:
        - lang: curl
          label: curl
          source: >-
            curl -X GET 'https://verification.didit.me/v3/webhook/destinations/'
            \
              -H 'x-api-key: YOUR_API_KEY'
        - lang: python
          label: Python
          source: |-
            import os

            import requests

            resp = requests.get(
                'https://verification.didit.me/v3/webhook/destinations/',
                headers={'x-api-key': os.environ['DIDIT_API_KEY']},
                timeout=10,
            )
            resp.raise_for_status()
            for dest in resp.json():
                health = 'OK' if dest['error_rate_percentage'] < 5 else 'DEGRADED'
                print(f"{dest['label']:30s} {dest['url']:50s} {health}")
        - lang: javascript
          label: JavaScript
          source: >-
            const resp = await
            fetch('https://verification.didit.me/v3/webhook/destinations/', {
              headers: { 'x-api-key': process.env.DIDIT_API_KEY },
            });

            const destinations = await resp.json();

            for (const d of destinations) {
              console.log(d.label, d.url, `${d.error_rate_percentage}% errors`);
            }
components:
  schemas:
    WebhookSubscribedEvents:
      type: array
      description: >-
        Event filter for this webhook destination. Didit delivers only webhooks
        whose event type exactly matches one of these values — there is no
        wildcard subscription. When sent, the list must contain at least one
        valid event (an explicit `[]` is rejected with 400); a destination whose
        list is empty (field omitted at create) receives nothing. On update the
        list is replaced wholesale, never merged.
      minItems: 1
      uniqueItems: true
      items:
        $ref: '#/components/schemas/WebhookEvent'
      example:
        - status.updated
        - data.updated
    WebhookEvent:
      type: string
      description: >-
        Supported webhook event name. Use these exact strings in
        `subscribed_events`; unsupported values are rejected.
      enum:
        - status.updated
        - data.updated
        - user.status.updated
        - user.data.updated
        - business.status.updated
        - business.data.updated
        - activity.created
        - transaction.created
        - transaction.status.updated
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key

````