> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bizmori.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create webhook

> Register a new webhook.
- Multiple webhooks can be registered
- A signing secret is returned upon registration

**Important**: The secret is only shown in this response. Store it securely.

## Webhook Event Types

| Event Type | Description |
|-----------|-------------|
| `order.antiAi.completed` | Anti-AI processing completed |
| `order.antiAi.failed` | Anti-AI processing failed |
| `order.watermarkEmbed.completed` | Watermark embedding completed |
| `order.watermarkEmbed.failed` | Watermark embedding failed |
| `order.watermarkExtract.completed` | Watermark extraction completed |
| `order.watermarkExtract.failed` | Watermark extraction failed |

## Signature Verification

Webhook requests include an `X-MoriBiz-Signature` header.
The signature is generated using HMAC-SHA256 with the secret issued at registration.

```javascript
const crypto = require('crypto');
const signature = crypto.createHmac('sha256', secret)
  .update(JSON.stringify(payload))
  .digest('hex');
```

## Retry Policy

- Max 3 retries
- Exponential backoff (1s, 2s, 4s)
- Success response: 2xx status code




## OpenAPI

````yaml /api-reference/openapi.yaml POST /api/v2/orders/webhooks
openapi: 3.0.0
info:
  title: BIZ MORI API
  version: 2.0.0
  description: |
    BIZ MORI API provides four core services for digital content protection:
    - **Anti-AI**: Protect images from AI training
    - **Watermark Embed**: Embed invisible digital watermarks into images
    - **Watermark Extract**: Extract and verify watermarks from images
    - **AI Detection**: Detect whether an image is AI-generated
  contact:
    name: BIZ MORI Support
    email: support@bizmori.com
servers:
  - url: https://api.bizmori.com
    description: Production
security: []
tags:
  - name: Anti-AI
    description: Anti-AI image protection orders
  - name: Watermark Embed
    description: Watermark embedding orders
  - name: Watermark Extract
    description: Watermark extraction orders
  - name: AI Detection
    description: AI-generated image detection orders
  - name: Orders
    description: Order query and management
  - name: Webhooks
    description: Webhook configuration and events
paths:
  /api/v2/orders/webhooks:
    post:
      tags:
        - Webhooks
      summary: Create webhook
      description: >
        Register a new webhook.

        - Multiple webhooks can be registered

        - A signing secret is returned upon registration


        **Important**: The secret is only shown in this response. Store it
        securely.


        ## Webhook Event Types


        | Event Type | Description |

        |-----------|-------------|

        | `order.antiAi.completed` | Anti-AI processing completed |

        | `order.antiAi.failed` | Anti-AI processing failed |

        | `order.watermarkEmbed.completed` | Watermark embedding completed |

        | `order.watermarkEmbed.failed` | Watermark embedding failed |

        | `order.watermarkExtract.completed` | Watermark extraction completed |

        | `order.watermarkExtract.failed` | Watermark extraction failed |


        ## Signature Verification


        Webhook requests include an `X-MoriBiz-Signature` header.

        The signature is generated using HMAC-SHA256 with the secret issued at
        registration.


        ```javascript

        const crypto = require('crypto');

        const signature = crypto.createHmac('sha256', secret)
          .update(JSON.stringify(payload))
          .digest('hex');
        ```


        ## Retry Policy


        - Max 3 retries

        - Exponential backoff (1s, 2s, 4s)

        - Success response: 2xx status code
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/WebhookCreateRequest'
      responses:
        '200':
          description: Webhook created successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: object
                    properties:
                      id:
                        type: integer
                        description: Webhook ID
                      name:
                        type: string
                        description: Webhook name
                      secret:
                        type: string
                        description: >
                          Webhook signing secret.

                          **Warning**: This value cannot be retrieved again.
                          Store it securely.
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
      security:
        - BearerAuth: []
      x-codeSamples:
        - lang: curl
          label: cURL
          source: |-
            curl -X POST https://api.bizmori.com/api/v2/orders/webhooks \
              -H "Authorization: Bearer YOUR_API_TOKEN" \
              -H "Content-Type: application/json" \
              -d '{
                "name": "My Webhook",
                "url": "https://example.com/webhook"
              }'
        - lang: javascript
          label: JavaScript
          source: >-
            const response = await
            fetch('https://api.bizmori.com/api/v2/orders/webhooks', {
              method: 'POST',
              headers: {
                'Authorization': 'Bearer YOUR_API_TOKEN',
                'Content-Type': 'application/json'
              },
              body: JSON.stringify({
                name: 'My Webhook',
                url: 'https://example.com/webhook'
              })
            });

            const data = await response.json();

            // Save data.data.secret securely — it won't be shown again
        - lang: python
          label: Python
          source: |-
            import requests

            response = requests.post(
                'https://api.bizmori.com/api/v2/orders/webhooks',
                headers={'Authorization': 'Bearer YOUR_API_TOKEN'},
                json={
                    'name': 'My Webhook',
                    'url': 'https://example.com/webhook'
                }
            )
            data = response.json()
            # Save data['data']['secret'] securely — it won't be shown again
components:
  schemas:
    WebhookCreateRequest:
      type: object
      required:
        - url
      properties:
        name:
          type: string
          maxLength: 100
          description: Webhook name (for identification)
        url:
          type: string
          format: uri
          description: Webhook endpoint URL
          example: https://example.com/webhook
    ErrorResponse:
      type: object
      properties:
        code:
          type: string
          description: Error code
  responses:
    BadRequest:
      description: Bad request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            code: VALIDATION_FAILED
    Unauthorized:
      description: Authentication failed
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            code: AUTH_NOT_AUTHENTICATED
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      description: API Key for external client access

````