> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kiwify.com.br/llms.txt
> Use this file to discover all available pages before exploring further.

# Deactivate a Webhook Subscription

> Deactivates a specific webhook subscription identified by its `id`. This operation performs a soft delete, meaning the subscription's status is updated to `is_active = false` and `deleted_at` is set to the current timestamp. The subscription will cease to receive new webhook events.

**Key Considerations:**
* **Ownership:** Only the bank account that originally created the subscription can deactivate it.
* **Security:** Attempts by unauthorized accounts to deactivate a subscription will result in a `404 Not Found` response to prevent enumeration of existing resources.
* **Idempotency:** Deactivating an already inactive subscription will also return a `404 Not Found`.

**Authorization:** Requires the `ManageWebhooks` permission.



## OpenAPI

````yaml /api-reference/banking/openapi.json delete /v1/webhooks/{id}
openapi: 3.1.0
info:
  title: Digital Account API
  description: Public API for account management, statements, and PIX operations
  license:
    name: ''
  version: 0.1.0
servers:
  - url: https://conta-public-api.kiwify.com
    description: Production environment
security: []
tags:
  - name: Account
    description: Account details, balance, limits, and PIX keys
  - name: Statement
    description: Account statement and transaction history
  - name: Cash out Pix
    description: Send money via PIX transfers
  - name: Cash in Pix
    description: Refund PIX transactions
  - name: Boleto Payments
    description: Pay boletos via API
  - name: PIX QR Codes
    description: PIX QR code generation for receiving payments
  - name: Webhooks
    description: >-
      Manage webhook subscriptions to receive real-time event notifications from
      the API.
paths:
  /v1/webhooks/{id}:
    delete:
      tags:
        - Webhooks
      summary: Deactivate a Webhook Subscription
      description: >-
        Deactivates a specific webhook subscription identified by its `id`. This
        operation performs a soft delete, meaning the subscription's status is
        updated to `is_active = false` and `deleted_at` is set to the current
        timestamp. The subscription will cease to receive new webhook events.


        **Key Considerations:**

        * **Ownership:** Only the bank account that originally created the
        subscription can deactivate it.

        * **Security:** Attempts by unauthorized accounts to deactivate a
        subscription will result in a `404 Not Found` response to prevent
        enumeration of existing resources.

        * **Idempotency:** Deactivating an already inactive subscription will
        also return a `404 Not Found`.


        **Authorization:** Requires the `ManageWebhooks` permission.
      operationId: delete_webhook
      parameters:
        - name: id
          in: path
          description: Webhook subscription ID to delete
          required: true
          schema:
            type: integer
            format: int64
      responses:
        '204':
          description: Webhook subscription deleted successfully
        '401':
          description: >-
            Authentication failed - invalid or missing service account
            credentials
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '403':
          description: Access denied - service account requires ManageWebhooks permission
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: 'Webhook subscription not found. Error code: WEBHOOK_NOT_FOUND'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: 'Internal server error. Error code: INTERNAL_ERROR'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      security:
        - AccessId: []
          PoPChallenge: []
          PoPFormat: []
          PoPSignature: []
components:
  schemas:
    ErrorResponse:
      type: object
      required:
        - error
        - timestamp
      properties:
        error:
          $ref: '#/components/schemas/ErrorDetails'
          description: Error payload.
        timestamp:
          type: string
          format: date-time
          description: ISO 8601 / RFC 3339 UTC timestamp of when the error occurred.
          example: '2026-05-28T14:30:00Z'
    ErrorDetails:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: >-
            Machine-readable error code. Use this for branching logic, not
            `message`.
          example: INVALID_REQUEST
        details:
          type: object
          description: >-
            Optional structured details. For `INVALID_REQUEST`, may be an array
            of field validation errors or a `validation_failed` object depending
            on the endpoint.
        message:
          type: string
          description: >-
            Human-readable error description. Do not rely on this text for
            programmatic handling.
  securitySchemes:
    AccessId:
      type: apiKey
      in: header
      name: x-access-id
      description: UUID of the service account (e.g., 550e8400-e29b-41d4-a716-446655440000)
    PoPChallenge:
      type: apiKey
      in: header
      name: X-PoP-Challenge
      description: >-
        Unix timestamp in milliseconds (e.g., 1704636800000). Must be within 5
        minutes of server time.
    PoPFormat:
      type: apiKey
      in: header
      name: X-PoP-Format
      description: Must be 'service-account' for service account authentication
    PoPSignature:
      type: apiKey
      in: header
      name: X-PoP-Signature
      description: >-
        EdDSA signature of the request in base64 format. Signs:
        uri:method:body:timestamp

````