> ## Documentation Index
> Fetch the complete documentation index at: https://getprescience.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Set the webhook endpoint

> Registers (or replaces) your HTTPS webhook endpoint. The signing secret is returned once and stored encrypted; save it immediately. Rotating: call this endpoint again to get a new secret.



## OpenAPI

````yaml /api-reference/openapi.json put /webhook
openapi: 3.1.0
info:
  title: Prescience Partner API
  version: 1.1.0
  description: >-
    Create employer groups, submit census records, generate indicative quotes,
    create enrollments, and read aggregate account data.


    Money is always integer cents. Dates are `YYYY-MM-DD`; timestamps are ISO
    8601 UTC. Quotes are indicative pending underwriting confirmation. A BAA and
    data processing agreement are executed before live mode is enabled.
  contact:
    name: Prescience partner engineering
    email: partners@getprescience.com
servers:
  - url: https://www.getprescience.com/api/partner/v1
    description: >-
      Production. Test and live traffic share this host; mode comes from your
      API key.
security:
  - bearerAuth: []
tags:
  - name: Health
    description: Connectivity and key checks.
  - name: Plans
    description: Static plan metadata.
  - name: Groups
    description: 'Employer groups: the root resource of every integration.'
  - name: Census
    description: Pre-enrollment census intake and ongoing member sync.
  - name: Quotes
    description: Deterministic, synchronous quotes. Indicative pending underwriting.
  - name: Enrollments
    description: Plan selection and employer provisioning.
  - name: Account
    description: Aggregate, de-identified employer account data.
  - name: Webhooks
    description: Signed event delivery (standard-webhooks scheme).
paths:
  /webhook:
    put:
      tags:
        - Webhooks
      summary: Set the webhook endpoint
      description: >-
        Registers (or replaces) your HTTPS webhook endpoint. The signing secret
        is returned once and stored encrypted; save it immediately. Rotating:
        call this endpoint again to get a new secret.
      operationId: setWebhook
      parameters:
        - $ref: '#/components/parameters/IdempotencyKey'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - url
              properties:
                url:
                  type: string
                  format: uri
                  description: HTTPS endpoint that receives events.
                  example: https://api.example-hr.com/webhooks/prescience
            example:
              url: https://api.example-hr.com/webhooks/prescience
      responses:
        '200':
          description: Endpoint registered. The secret is shown exactly once.
          content:
            application/json:
              schema:
                type: object
                required:
                  - url
                  - secret
                properties:
                  url:
                    type: string
                    format: uri
                  secret:
                    type: string
                    description: >-
                      Signing secret, `whsec_<hex>`. Returned only on this
                      response.
                    example: whsec_4f8a1c2b9d3e6f7a8b9c0d1e2f3a4b5c
              example:
                url: https://api.example-hr.com/webhooks/prescience
                secret: whsec_4f8a1c2b9d3e6f7a8b9c0d1e2f3a4b5c
        '400':
          description: Validation failed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
              example:
                error: invalid_request
                message: url must be an https URL.
                details:
                  - field: url
                    message: url must be an https URL
        '401':
          $ref: '#/components/responses/Unauthorized'
        '429':
          $ref: '#/components/responses/RateLimited'
        '500':
          $ref: '#/components/responses/ServerError'
components:
  parameters:
    IdempotencyKey:
      name: Idempotency-Key
      in: header
      required: false
      description: >-
        Any unique string (UUIDs work well). Replaying the same key within 24
        hours returns the stored response instead of re-executing the request.
      schema:
        type: string
        maxLength: 255
      example: 9f3b2c61-4a8d-4e2f-b1c7-d5a90e8f1a23
  schemas:
    Error:
      type: object
      required:
        - error
        - message
      properties:
        error:
          type: string
          enum:
            - unauthorized
            - live_mode_disabled
            - forbidden
            - not_found
            - invalid_request
            - conflict
            - quote_expired
            - census_required
            - rate_limited
            - server_error
            - not_configured
          description: Stable machine-readable error code.
        message:
          type: string
          description: >-
            Human-readable explanation. Wording may change; branch on `error`,
            not `message`.
        details:
          type: array
          description: Present on `invalid_request`. One entry per failed field.
          items:
            type: object
            required:
              - field
              - message
            properties:
              field:
                type: string
                example: zip
              message:
                type: string
                example: zip must be a 5-digit ZIP code
              index:
                type: integer
                description: >-
                  For array payloads (census rows), the zero-based index of the
                  failing row.
                example: 7
  responses:
    Unauthorized:
      description: Missing, malformed, or revoked API key.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: unauthorized
            message: >-
              Provide a valid partner API key as `Authorization: Bearer
              psk_...`.
    RateLimited:
      description: Rate limit exceeded. Honor `Retry-After`.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: rate_limited
            message: Rate limit exceeded. Retry after 12 seconds.
      headers:
        Retry-After:
          description: Seconds to wait before retrying.
          schema:
            type: integer
          example: 12
    ServerError:
      description: >-
        Something failed on our side. Safe to retry with the same
        `Idempotency-Key`.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
          example:
            error: server_error
            message: Internal error. The request was not applied.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >-
        Partner API key. `psk_test_<32 hex>` for test mode, `psk_live_<32 hex>`
        for live mode. Keys are stored hashed and cannot be recovered; store
        them in your secrets manager on issue.

````