> ## Documentation Index
> Fetch the complete documentation index at: https://docs.totalis.trade/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Webhook Config

> Current webhook endpoint config + the subscribable event catalog.



## OpenAPI

````yaml GET /v1/webhooks
openapi: 3.0.3
info:
  title: Totalis RFQ API
  version: 2.1.0
  description: >-
    Public REST surface for the Totalis parlay RFQ platform — a decentralized
    request-for-quote marketplace for parlay bets across Kalshi and Polymarket,
    with on-chain Solana vault settlement.


    **Wire format**: snake_case JSON. All successful responses are wrapped in `{
    "data": ... }`; list endpoints add `meta` with cursor-based pagination.
    Errors use a `{ "error": { code, message, details? } }` envelope.


    **Authentication**: programmatic clients send `X-API-Key`; the web dashboard
    uses Privy JWTs (`Authorization: Bearer ...`). Any authenticated user can
    both place parlays and quote as a market maker — there is no separate MM
    role. Admin endpoints are out of scope for this public reference.


    **Rate limiting**: 100 req/min anonymous, 300 req/min authenticated.
    Responses include `X-RateLimit-*` headers. Request body limit: 256KB.


    **Pagination**: list endpoints use opaque cursor pagination. Pass
    `meta.cursor` from the previous response as `?cursor=...` to fetch the next
    page; do not parse or construct cursors client-side.
servers:
  - url: https://api.totalis.trade
    description: Production
security:
  - ApiKey: []
tags:
  - name: Markets
    description: Cached Kalshi and Polymarket market data.
  - name: User
    description: User profile, wallet, and devnet helpers.
  - name: API Keys
    description: Manage programmatic access keys for the authenticated user.
paths:
  /v1/webhooks:
    get:
      tags:
        - Webhooks
      summary: Get webhook config
      description: >-
        Returns the current webhook endpoint config (or nulls if never
        configured) plus the subscribable event catalog. The signing secret is
        never returned — only whether one is set.
      operationId: getWebhookConfig
      parameters:
        - name: owner_kind
          in: query
          description: 'Which endpoint to address: `user` (default) or `mm` (market-maker).'
          schema:
            type: string
            enum:
              - user
              - mm
            default: user
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/WebhookConfig'
      security:
        - PrivyJWT: []
        - ApiKey: []
components:
  schemas:
    WebhookConfig:
      type: object
      properties:
        owner_kind:
          type: string
          enum:
            - user
            - mm
        url:
          type: string
          nullable: true
          description: Configured HTTPS endpoint, or null if never set.
        events:
          type: array
          items:
            type: string
          description: Subscribed event names.
        status:
          type: string
          nullable: true
          description: Endpoint status, or null if never configured.
        has_signing_secret:
          type: boolean
          description: Whether a signing secret is set (deliveries require one).
        event_catalog:
          type: array
          items:
            type: string
          description: The events this endpoint kind may subscribe to. (GET only.)
  securitySchemes:
    ApiKey:
      type: apiKey
      in: header
      name: X-API-Key
      description: >-
        Programmatic API key. Sent as `X-API-Key: <key>`. Generate one from the
        Totalis dashboard. The same header is accepted on the WebSocket auth
        message.
    PrivyJWT:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        Privy JWT issued to the web dashboard. Sent as `Authorization: Bearer
        <jwt>`. The Privy session signer underpins all wallet-signed actions.

````