Create a webhook configuration

Coro provides webhook configuration to enable customers to receive real-time updates when specific events occur in a workspace. These webhooks are ideal for managed service providers (MSPs) to automate billing tasks such as updating invoices or tracking client usage changes. For more information about webhooks, see What are webhooks.

This guide describes how to create a webhook that is triggered when a new workspace is created:

  1. Request your authentication token .
  2. Create the webhook configuration .
  3. Receive webhook alerts .
  4. Manage your webhook configuration .
note

You can also create webhook configurations from the Coro console. For more information, see Creating and managing webhooks.

Request your authentication token

Make a POST request to the /oauth/token resource endpoint using your Client ID and Client Secret. Each token is valid for 24 hours.

The request should appear similar to:

curlJavaScript
Copy
Copied
curl -i -X POST \
  https://api.secure.coro.net/oauth/token \
  -H 'Content-Type: application/json' \
  -d '{
    "client_id": "2qDgzSrZxnUCs4jqmfdEP5MVkEmA3Uak",
    "client_secret": "9c9Dabz5nQT65LXfYt_61wxb9UssT7tpzTM-gVB4RJZB9gKDf1_TjO6o3eLcBaba",
    "audience": "https://api.secure.coro.net",
    "grant_type": "client_credentials"
  }'
Copy
Copied
const resp = await fetch(
  `https://api.secure.coro.net/oauth/token`,
  {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      client_id: '2qDgzSrZxnUCs4jqmfdEP5MVkEmA3Uak',
      client_secret: '9c9Dabz5nQT65LXfYt_61wxb9UssT7tpzTM-gVB4RJZB9gKDf1_TjO6o3eLcBaba',
      audience: 'https://api.secure.coro.net',
      grant_type: 'client_credentials'
    })
  }
);
const data = await resp.json();
console.log(data);

The following table describes the parameters in the request:

Parameter Data type Description Example Required
client_id String The unique identifier for the client. This value is provided by Coro support. 2qDgzSrZxnUCs4jqmfdEP5MVkEmA3Uak yes
client_secret String The secret for the client. This value is provided by Coro support. 9c9Dabz5nQT65LXfYt_61wxb9UssT7tpzTM-gVB4RJZB9gKDf1_TjO6o3eLcBaba yes
audience String The URL for the Coro API server.
Options include: https://api.secure.coro.net, https://api.secure-ca.coro.net, https://api.secure-eu.coro.net		 https://api.secure.coro.net yes
grant_type String The method by which you want to request a bearer token for authentication. At this time, Coro only supports client_credentials. client_credentials yes

A successful response appears similar to:

Copy
Copied
HTTP/1.1 200 OK
Content-Type: application/json
Date: {date}
X-Coro-Trace-Id: {trace-id}
Transfer-Encoding: chunked

{
  "access_token":"TRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNj.dcukG0cw3eh4jqEMCwxZ2N3mziZ2hpFbv4--VYrXA3Q",
  "token_type":"Bearer",
  "expires_in":86400
  }

The following table describes the parameters in the response:

Parameter Description Example
access_token The access token used to access API resources. TRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNjTRDNxdkVHYms0R2U1IiwiaWF0IjoxNj.dcukG0cw3eh4jqEMCwxZ2N3mziZ2hpFbv4--VYrXA3Q
token_type The type of token. Bearer
expires_in The expiration time of the token, in seconds. Each token is valid for 24 hours. 86400

Create the webhook configuration

Create a new webhook configuration. Make a POST request to the /settings/webhooks resource endpoint, and specify the workspace-created trigger.

The request should appear similar to:

curlJavascript
Copy
Copied
curl -i -X POST \
  https://api.secure.coro.net/v1/settings/webhooks \
  -H 'Authorization: Bearer <access_token>' \
  -H 'Content-Type: application/json' \
  -H 'Workspace: company1Workspace' \
  -d '{"name": "Billing webhooks",
    "description": "Used for updating QuickBooks",
    "applyToAllDescendants": true,
    "url": "https://www.customer.example/quickbookwebhook",
    "secret": "supersecuresecret",
    "headers":{
        "Authorization": "Bearer YOUR_ACCESS_TOKEN",
        "Content-Type": "application/json"
        },
    "triggers": [
        "workspace-created"
        ],
    "status": "enabled"
    }'
Copy
Copied
const resp = await fetch(
  `https://api.secure.coro.net/v1/settings/webhooks`,
  {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      name: 'Billing webhooks',
      description: 'Used for updating QuickBooks',
      applyToAllDescendants: true,
      url: 'https://www.customer.example/quickbookwebhook',
      secret: 'supersecuresecret',
      headers: {
        X-Request-ID: 123e4567-e89b-12d3-a456-426614174000
      },
      triggers: [
        'workspace-created'
      ],
      status: 'enabled'
    })
  }
);

const data = await resp.json();
console.log(data);

The following table describes the parameters in the request:

Field Data type Description Example Required
Workspace String The workspace identifier, which isolates API requests inside the provided workspace scope. channelWorkspace yes
name String The name of the webhook. Billing webhooks No
description String A longer description, if needed. Used to update QuickBooks No
applyToAllDescendents Boolean If true, webhooks are sent for all descendants of this workspace. This is relevant for channel workspaces. true Yes
url String The URL to which the webhook data will be sent. https://www.customer.example/quickbookwebhook Yes
secret String Used to validate webhooks sent by Coro. supersecuresecret Yes
headers Object of strings A JSON object containing key-value pairs for any additional headers required by the receiving endpoint. X-Request-ID: 123e4567-e89b-12d3-a456-426614174000 No
triggers Array of strings A list of events that trigger the webhook. workspace-created Yes
status String The current status of the webhook configuration. Options include enabled and disabled. enabled Yes

A successful response appears similar to:

Copy
Copied
HTTP/1.1 201 Created
Content-Type: application/json
Date: {date}
X-Coro-Trace-Id: {trace-id}
Transfer-Encoding: chunked

{
    "id": "66b204f0c992d50b8b2f984c"
    "name": "Billing webhooks",
    "description": "Used for updating QuickBooks",
    "applyToAllDescendants": true,
    "url": "https://www.customer.example/quickbookwebhook",
    "secret": "supersecuresecret",
    "headers":{
        X-Request-ID: 123e4567-e89b-12d3-a456-426614174000
        },
    "triggers": [
        "workspace-created"
        ],
    "status": "enabled",
    "updated": 0
}

The following table describes the parameters in the response:

Field Data type Description Example
id String The unique identifier of the webhook configuration. 66b204f0c992d50b8b2f984c
name String The name of the webhook. Billing webhooks
description String A longer description, if needed. Used to update QuickBooks
applyToAllDescendents Boolean If true, webhooks are sent for all descendants of this workspace. true
url String The URL to which the webhook data will be sent. https://www.customer.example/quickbookwebhook
secret String Used to validate webhooks sent by Coro. See Webhook security for more information. supersecuresecret
headers Object of strings A JSON object containing key-value pairs for any additional headers required by the receiving endpoint. X-Request-ID: 123e4567-e89b-12d3-a456-426614174000
triggers Array of strings A list of events that trigger the webhook. workspace-created
status String The current status of the webhook configuration. Options include enabled and disabled. enabled
updated String The timestamp of the webhook configuration, in UNIX format including milliseconds. 1709856000000

Receive webhook alerts

Any time a new workspace is created, a webhook alert is sent to the specified URL. The alert appears similar to:

Copy
Copied
{
  "id": "12345",
  "timestamp": "1627670400000",
  "workspaceId": "workspace123",
  "type": "workspace-created",
  "data": {
    "companyName": "company1",
    "displayName": "company1",
    "domain": "The workspace domain",
    "type": "child",
    "maxProtectedUsers": "25",
    "notificationLevel": "parent",
    "parentWorkspaceId": "parentWorkspace",
    "adminEmails": "admin2@company1workspace.com",
    "workspaceCreationTime": "1641009600000"
    "subscriptionType": "initial"
    }
}
Field Data type Description Example
id The unique identifier of the webhook. 12345
timestamp The timestamp of the webhook, in UTC milliseconds. 1627670400000
workspaceId The unique identifier of the workspace to which the webhook applies. workspace123
type The event which triggered the webhook. workspace-created
data > companyName string The name of the company for which the workspace is created. company1
data > displayName string The name displayed for the workspace from the user interface. company1
data > domain string The workspace domain. company1Workspace.com
data > type string The type of workspace being created.
Options include: regular - for individual companies; channel - for the MSP parent level; child - for MSP customers.		 child
data > maxProtectedUsers string The maximum number of users allowed in the workspace. 25
data > notificationLevel string The admin users who will receive notifications.
Options include: none, parent, all.		 parent
data > parentworkspaceId string The unique identifier of the parent workspace, if applicable. parentWorkspace
data > adminEmails string The email addresses of all admin users associated with the workspace. admin2@company1workspace.com
data > workspaceCreationTime string The date the workspace was created, in UNIX format, including milliseconds. 1641009600000
data > subscriptionType string The type of subscription for the workspace. initial

Manage your webhook configuration

After creating a webhook configuration, you can view, update, or delete the configuration with GET, PUT, or DELETE requests to the /settings/webhooks/{id} resource endpoint. For more information about these calls, see the Coro API reference.