> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mapping.travel/llms.txt
> Use this file to discover all available pages before exploring further.

# Legacy export webhooks (deprecated)

> The legacy /api/v1/export-webhooks endpoint. Kept mounted for one release for backwards compatibility — new integrations should use /api/v1/webhook-subscriptions instead.

<Warning>
  **Deprecated.** This endpoint is kept for backwards compatibility for one release. New integrations should use [`/api/v1/webhook-subscriptions`](/api/webhook-subscriptions/overview), which adds:

  * Per-subscription event filtering (`MAPPING_COMPLETED`, `MAPPING_ERROR_RESOLVED`, `INVENTORY_DUPLICATE_RESOLVED`)
  * HMAC-SHA256 request signing
  * Bounded async retries (1m → 5m → 30m → dead-letter)
  * Persisted delivery history with the `/deliveries` endpoint
  * Synthetic test events via `/test`

  Existing rows created via this endpoint are visible from both APIs; the same `id` works for both paths.
</Warning>

The legacy endpoint registers HTTPS endpoints that receive `mapping.completed` deliveries when a mapping job finishes. It fires fire-and-forget with no retry and no signing.

<Note>
  All endpoints require a bearer token in the `Authorization` header.
</Note>

***

## POST /api/v1/export-webhooks

Create a new webhook configuration.

### Request body

<ParamField body="name" type="string">
  Human-readable label for the webhook.
</ParamField>

<ParamField body="webhookUrl" type="string" required>
  HTTPS endpoint that will receive payloads. Must use `https://` and resolve to a non-private address.
</ParamField>

<ParamField body="apiKeyName" type="string">
  Header name we should attach to every request (e.g., `X-API-Key`).
</ParamField>

<ParamField body="apiKeyValue" type="string">
  Header value paired with `apiKeyName`. Stored encrypted at rest.
</ParamField>

<ParamField body="additionalHeaders" type="object">
  Extra headers to attach to every request as a key-value map.
</ParamField>

<ParamField body="status" type="string" default="ACTIVE">
  `ACTIVE` or `INACTIVE`.
</ParamField>

### Example

```bash theme={null} theme={null}
curl -X POST https://api.mapping.travel/api/v1/export-webhooks \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Inventory ops",
    "webhookUrl": "https://yourapp.com/webhooks/mapping",
    "apiKeyName": "X-API-Key",
    "apiKeyValue": "your-secret",
    "status": "ACTIVE"
  }'
```

***

## GET /api/v1/export-webhooks

List webhook configurations for the organization.

<ParamField query="activeOnly" type="boolean" default="false">
  When `true`, only `ACTIVE` configurations are returned.
</ParamField>

```bash theme={null} theme={null}
curl "https://api.mapping.travel/api/v1/export-webhooks?activeOnly=true" \
  -H "Authorization: Bearer <token>"
```

***

## GET /api/v1/export-webhooks/{id}

Retrieve a single webhook configuration.

```bash theme={null} theme={null}
curl "https://api.mapping.travel/api/v1/export-webhooks/<id>" \
  -H "Authorization: Bearer <token>"
```

***

## PUT /api/v1/export-webhooks/{id}

Replace the configuration. All fields in the request body overwrite the current values.

```bash theme={null} theme={null}
curl -X PUT https://api.mapping.travel/api/v1/export-webhooks/<id> \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Inventory ops v2",
    "webhookUrl": "https://yourapp.com/webhooks/mapping-v2",
    "status": "ACTIVE"
  }'
```

***

## DELETE /api/v1/export-webhooks/{id}

Permanently delete the configuration. Returns `204 No Content`.

```bash theme={null} theme={null}
curl -X DELETE https://api.mapping.travel/api/v1/export-webhooks/<id> \
  -H "Authorization: Bearer <token>"
```

<Warning>
  Deletion is permanent. To pause delivery without deleting, `PUT` with `status: "INACTIVE"`.
</Warning>

***

## What this endpoint does NOT support

These belong to the new endpoint:

* Choosing which events to subscribe to (legacy only fires `mapping.completed`)
* Signature verification headers (no `X-Webhook-Signature`)
* Automatic retries on failure (one attempt only — failures are logged but not retried)
* Delivery history (no `/deliveries` endpoint)
* Test events (no `/test` endpoint)
* Per-event tier gating

For any of the above, switch to [`/api/v1/webhook-subscriptions`](/api/webhook-subscriptions/overview).
