> ## Documentation Index
> Fetch the complete documentation index at: https://docs.formitto.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List webhook subscriptions

> List the calling API key's own event subscriptions, newest first. Secrets are NOT returned — the plaintext is shown only once, at create.




## OpenAPI

````yaml /api/openapi.yaml get /webhooks
openapi: 3.1.0
info:
  title: Formitto API
  version: 1.0.0
  description: >
    The Formitto public API (v1). Read and manage your forms, submissions,
    calendars, bookings, shop widgets, and orders programmatically.

    Authenticate with an API key created in the Formitto dashboard (Settings →
    API keys). Pass it as a Bearer token: `Authorization: Bearer fmt_live_...`.
    Keys are scoped — a key only reaches the endpoints its scopes allow (e.g.
    `read:forms`, `write:submissions`).

    All responses are JSON. List endpoints return a `{ data, pagination }`
    envelope; single-resource endpoints return the object directly. Requests are
    rate-limited per API key; see the `X-RateLimit-*` response headers.
  contact:
    name: Formitto Support
    url: https://formitto.com
  license:
    name: Proprietary
    url: https://formitto.com/terms
servers:
  - url: https://formitto.com/v1
    description: Production
security:
  - bearerAuth: []
tags:
  - name: forms
    description: Create, read, update, and archive forms.
  - name: submissions
    description: Read and programmatically ingest form submissions.
  - name: calendars
    description: Read calendar widgets.
  - name: bookings
    description: Read calendar bookings.
  - name: ecommerce
    description: Read shop widgets.
  - name: orders
    description: Read shop orders.
  - name: webhooks
    description: Manage event subscriptions (REST Hooks) for integrations.
paths:
  /webhooks:
    get:
      tags:
        - webhooks
      summary: List webhook subscriptions
      description: >
        List the calling API key's own event subscriptions, newest first.
        Secrets are NOT returned — the plaintext is shown only once, at create.
      operationId: listWebhookSubscriptions
      responses:
        '200':
          description: This key's subscriptions.
          headers:
            X-RateLimit-Limit:
              $ref: '#/components/headers/RateLimitLimit'
            X-RateLimit-Remaining:
              $ref: '#/components/headers/RateLimitRemaining'
            X-RateLimit-Reset:
              $ref: '#/components/headers/RateLimitReset'
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/WebhookSubscription'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '429':
          $ref: '#/components/responses/RateLimited'
        '500':
          $ref: '#/components/responses/ServerError'
components:
  headers:
    RateLimitLimit:
      description: The per-API-key request budget for the current 1-hour window.
      schema:
        type: integer
    RateLimitRemaining:
      description: Requests remaining in the current window after this request.
      schema:
        type: integer
    RateLimitReset:
      description: Unix timestamp (seconds) at which the rate-limit window resets.
      schema:
        type: integer
    RetryAfter:
      description: Seconds to wait before retrying. Present on 429 responses.
      schema:
        type: integer
  schemas:
    WebhookSubscription:
      type: object
      description: >-
        An event subscription owned by an API key. Secrets are never included
        here.
      required:
        - id
        - event
        - target_url
        - created_at
      properties:
        id:
          type: string
        event:
          type: string
          enum:
            - form.submitted
            - booking.created
            - booking.rescheduled
            - order.paid
        target_url:
          type: string
          format: uri
        created_at:
          type: string
          format: date-time
    Error:
      type: object
      description: >
        Standard error envelope. `code` is a stable machine-readable string
        (e.g. invalid_api_key, insufficient_scope, not_found, rate_limited,
        domain_required, forbidden_field). Some errors carry extra context
        fields (candidates, required, fields, invalid, retryAfter).
      required:
        - error
      additionalProperties: true
      properties:
        error:
          type: string
          description: Human-readable message.
        code:
          type: string
          description: Stable machine-readable error code.
  responses:
    Unauthorized:
      description: The API key is missing, malformed, revoked, or expired.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    RateLimited:
      description: The per-API-key request budget for the current window is exhausted.
      headers:
        X-RateLimit-Limit:
          $ref: '#/components/headers/RateLimitLimit'
        X-RateLimit-Remaining:
          $ref: '#/components/headers/RateLimitRemaining'
        X-RateLimit-Reset:
          $ref: '#/components/headers/RateLimitReset'
        Retry-After:
          $ref: '#/components/headers/RetryAfter'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    ServerError:
      description: An unexpected server error.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: fmt_live_*
      description: >
        A Formitto API key created in the dashboard (Settings → API keys). Pass
        it as `Authorization: Bearer fmt_live_...`.

````