> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kiwify.com.br/llms.txt
> Use this file to discover all available pages before exploring further.

# Listar Assinaturas de Webhook

> Recupera todas as assinaturas de webhook ativas para a conta bancária autenticada.



## OpenAPI

````yaml /api-reference/banking/openapi.pt.json get /v1/webhooks
openapi: 3.1.0
info:
  title: API Conta Digital
  description: API pública para gerenciamento de conta, extrato e operações PIX
  license:
    name: ''
  version: 0.1.0
servers:
  - url: https://conta-public-api.kiwify.com
    description: Production environment
security: []
tags:
  - name: Conta
    description: Detalhes da conta, saldo, limites e chaves PIX
  - name: Extrato
    description: Extrato e histórico de transações
  - name: Enviar Pix
    description: Enviar dinheiro via transferências PIX
  - name: Receber Pix
    description: Reembolsar transações PIX
  - name: Pagar boletos
    description: Pagar boletos via API
  - name: QR Codes PIX
    description: Geração de QR codes PIX para receber pagamentos
  - name: Webhooks
    description: >-
      Gerenciamento de assinaturas de webhook para recebimento de notificações
      de eventos
paths:
  /v1/webhooks:
    get:
      tags:
        - Webhooks
      summary: Listar Assinaturas de Webhook
      description: >-
        Recupera todas as assinaturas de webhook ativas para a conta bancária
        autenticada.
      operationId: list_webhooks
      responses:
        '200':
          description: List of webhook subscriptions
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListWebhooksResponse'
        '401':
          description: >-
            Authentication failed - invalid or missing service account
            credentials
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '403':
          description: Access denied - service account requires ManageWebhooks permission
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: 'Internal server error. Error code: INTERNAL_ERROR'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      security:
        - AccessId: []
          PoPChallenge: []
          PoPFormat: []
          PoPSignature: []
components:
  schemas:
    ListWebhooksResponse:
      type: object
      description: Response containing the list of webhook subscriptions.
      required:
        - webhooks
      properties:
        webhooks:
          type: array
          items:
            $ref: '#/components/schemas/WebhookDto'
          description: List of webhook subscriptions for the authenticated account.
    ErrorResponse:
      type: object
      required:
        - error
        - timestamp
      properties:
        error:
          $ref: '#/components/schemas/ErrorDetails'
          description: Error payload.
        timestamp:
          type: string
          format: date-time
          description: ISO 8601 / RFC 3339 UTC timestamp of when the error occurred.
          example: '2026-05-28T14:30:00Z'
    WebhookDto:
      type: object
      description: Webhook subscription representation.
      required:
        - id
        - url
        - subscriptions
      properties:
        id:
          type: string
          description: Unique identifier of the webhook subscription.
          example: '6225875037061120'
        subscriptions:
          type: array
          items:
            $ref: '#/components/schemas/WebhookEventTypeDoc'
          description: List of event types this webhook is subscribed to.
        url:
          type: string
          description: The endpoint URL registered to receive webhook events.
          example: https://empresa.com/empresa_webhook
    ErrorDetails:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: >-
            Machine-readable error code. Use this for branching logic, not
            `message`.
          example: INVALID_REQUEST
        details:
          type: object
          description: >-
            Optional structured details. For `INVALID_REQUEST`, may be an array
            of field validation errors or a `validation_failed` object depending
            on the endpoint.
        message:
          type: string
          description: >-
            Human-readable error description. Do not rely on this text for
            programmatic handling.
    WebhookEventTypeDoc:
      type: string
      description: >-
        Event type to subscribe to for webhook notifications.


        Each webhook subscription must include at least one event type.

        Events are sent as HTTP POST requests to the registered endpoint URL.


        ## Subscription → delivery event mapping


        | Subscription | Delivery events (`envelope.type`) |

        |---|---|

        | `CASHIN.PIX.QRCODES` | `CASHIN.PIX.QRCODES.CREATED`,
        `CASHIN.PIX.QRCODES.PAID` |

        | `CASHIN.DEPOSITS` | `CASHIN.DEPOSITS.RECEIVED` |

        | `CASHOUT.PIX.TRANSFERS` | `CASHOUT.PIX.TRANSFERS.SCHEDULED`,
        `CASHOUT.PIX.TRANSFERS.COMPLETED`, `CASHOUT.PIX.TRANSFERS.FAILED`,
        `CASHOUT.PIX.TRANSFERS.SCHEDULED.FAILED` (planned:
        `CASHOUT.PIX.TRANSFERS.CREATED`) |

        | `CASHOUT.PIX.REFUNDS` | `CASHOUT.PIX.REFUNDS.COMPLETED`,
        `CASHOUT.PIX.REFUNDS.FAILED` |

        | `CASHOUT.BOLETO.PAYMENTS` | `CASHOUT.BOLETO.PAYMENTS.SCHEDULED`,
        `CASHOUT.BOLETO.PAYMENTS.COMPLETED`, `CASHOUT.BOLETO.PAYMENTS.FAILED`,
        `CASHOUT.BOLETO.PAYMENTS.SCHEDULED.FAILED` |

        | `CASHOUT.PIX.QRCODE.PAYMENTS` | Reserved — no delivery yet |
      enum:
        - CASHIN.PIX.QRCODES
        - CASHIN.DEPOSITS
        - CASHOUT.PIX.TRANSFERS
        - CASHOUT.PIX.REFUNDS
        - CASHOUT.BOLETO.PAYMENTS
        - CASHOUT.PIX.QRCODE.PAYMENTS
  securitySchemes:
    AccessId:
      type: apiKey
      in: header
      name: x-access-id
      description: UUID of the service account (e.g., 550e8400-e29b-41d4-a716-446655440000)
    PoPChallenge:
      type: apiKey
      in: header
      name: X-PoP-Challenge
      description: >-
        Unix timestamp in milliseconds (e.g., 1704636800000). Must be within 5
        minutes of server time.
    PoPFormat:
      type: apiKey
      in: header
      name: X-PoP-Format
      description: Must be 'service-account' for service account authentication
    PoPSignature:
      type: apiKey
      in: header
      name: X-PoP-Signature
      description: >-
        EdDSA signature of the request in base64 format. Signs:
        uri:method:body:timestamp

````