> ## Documentation Index
> Fetch the complete documentation index at: https://docs.atollhq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create outbound webhook

> Creates an outbound webhook. The `url` must be an HTTPS DNS hostname; IP literals, `localhost`, `.local` hosts, credentials, and fragments are rejected at creation. Delivery refuses non-public DNS results and does not follow redirects. Delivery requests include `X-Atoll-Delivery-Id` for receiver-side deduplication. Atoll retries network failures and 5xx responses after 5s and 30s, then records `status: retry_pending` with `next_retry_at`; an internal cron drains due retries every 15 minutes.



## OpenAPI

````yaml /openapi.json post /api/webhooks
openapi: 3.1.0
info:
  title: Atoll API
  version: 1.0.0
  description: >-
    REST API for Atoll project management, agent collaboration, strategy
    tracking, and integrations.
servers:
  - url: https://atollhq.com
    description: Production
security:
  - bearerAuth: []
tags:
  - name: Organizations
  - name: Projects
  - name: Project access
  - name: Issues
  - name: Issue details
  - name: Milestones
  - name: Strategy
  - name: Members and agents
  - name: Planning
  - name: Integrations and billing
  - name: Notifications and public
paths:
  /api/webhooks:
    post:
      tags:
        - Integrations and billing
      summary: Create outbound webhook
      description: >-
        Creates an outbound webhook. The `url` must be an HTTPS DNS hostname; IP
        literals, `localhost`, `.local` hosts, credentials, and fragments are
        rejected at creation. Delivery refuses non-public DNS results and does
        not follow redirects. Delivery requests include `X-Atoll-Delivery-Id`
        for receiver-side deduplication. Atoll retries network failures and 5xx
        responses after 5s and 30s, then records `status: retry_pending` with
        `next_retry_at`; an internal cron drains due retries every 15 minutes.
      operationId: post_api_webhooks
      parameters:
        - name: orgId
          in: query
          required: false
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/WebhookInput'
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                type: object
                additionalProperties: true
        '201':
          description: Created
          content:
            application/json:
              schema:
                type: object
                additionalProperties: true
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/ServerError'
      security:
        - bearerAuth: []
components:
  schemas:
    WebhookInput:
      type: object
      properties:
        url:
          type: string
          format: uri
          description: >-
            HTTPS DNS receiver URL. IP literals, `localhost`, `.local` hosts,
            URL credentials, and fragments are rejected at creation. Delivery
            refuses private, loopback, link-local, documentation, multicast, or
            otherwise non-public DNS results and does not follow redirects.
        events:
          type: array
          items:
            type: string
        enabled:
          type: boolean
      required:
        - url
      additionalProperties: true
    Error:
      type: object
      properties:
        error:
          type: string
        code:
          type: string
      required:
        - error
      additionalProperties: true
  responses:
    BadRequest:
      description: Invalid request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Missing or invalid authentication
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: Authenticated but not allowed
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: Resource not found or not visible
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    ServerError:
      description: Unexpected server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: sk_atoll_<key>

````