# API Contract: POST /api/v1/webhooks/onboard **Service**: Ligbox Ops Platform API (VM122) **Base URL (LAN)**: `http://10.10.10.122:8080` **Auth**: Header `X-Webhook-Secret` ## Request ```http POST /api/v1/webhooks/onboard HTTP/1.1 Host: 10.10.10.122:8080 Content-Type: application/json X-Webhook-Secret: { "event": "account.created", "domain": "cliente.exemplo.com", "session_id": "sess-abc123", "data": { "email": "admin@cliente.exemplo.com", "account_verified": true, "needs_review": false, "dns_mode": "cloudflare", "mail_aliases": ["suporte.cliente.exemplo.com"] } } ``` ## Response 200 ```json { "accepted": true, "event": "account.created" } ``` ## Response 401 ```json { "detail": "invalid webhook secret" } ``` ## Event Types | Event | Emissor (fase) | Cria ticket? | |-------|----------------|--------------| | `account.created` | Phase B (MVP) | Sim | | `domain.validated` | Phase D | Não (só audit log) | | `dns.applied` | Phase D | Não | | `onboarding.completed` | Phase D | Nota/update | | `onboarding.failed` | Phase D | Sim (prioridade) | ## Idempotency Repetir o mesmo request (mesmo `event` + `session_id` + `domain`) retorna `200 accepted` sem criar ticket duplicado. ## cURL example ```bash curl -sf -X POST "http://10.10.10.122:8080/api/v1/webhooks/onboard" \ -H "Content-Type: application/json" \ -H "X-Webhook-Secret: ligbox-ops-dev-secret" \ -d '{ "event": "account.created", "domain": "teste.ops.ligbox", "session_id": "demo-e2e-001", "data": { "email": "admin@teste.ops.ligbox", "account_verified": true, "needs_review": false } }' ``` ## Related endpoints (read-only) | Method | Path | Descrição | |--------|------|-----------| | GET | `/health` | Health check API | | GET | `/api/v1/tenants` | Lista tenants | | GET | `/api/v1/desk/tickets` | Lista tickets (verificar criação) | | GET | `/api/v1/infra/vm112/status` | Poll health portal |