Open Collections
Management
Inspect, update, test, or remove your endpoint.
All endpoints take a secret API key (hpn_live_sk_*) with the webhooks:manage scope, or a dashboard session.
Get current endpoint
Bash
GET /v1/open-collections/endpoint
JSON
{
"success": true,
"data": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"url": "https://your-server.com/harpoon/payments",
"description": "Wallet credit listener",
"is_active": true,
"is_sandbox": false,
"last_success_at": "2026-04-29T13:00:00Z",
"last_failure_at": null,
"consecutive_failures": 0,
"created_at": "2026-04-29T12:00:00Z",
"updated_at": "2026-04-29T12:00:00Z"
}
}If your team has no endpoint, data is null. The signing secret is never returned here.
Update
Bash
PUT /v1/open-collections/endpoint
Content-Type: application/json
{
"url": "https://your-server.com/v2/harpoon/payments",
"is_active": true
}| Field | Type | Description |
|---|---|---|
url | string | New URL (HTTPS) |
description | string | Label |
is_active | boolean | false pauses delivery |
Test
Bash
POST /v1/open-collections/endpoint/testSends a synthetic transaction.forwarded payload with "test": true. The response surfaces the status code and body so you can debug without reading server logs.
Reveal the signing secret
Dashboard JWT only. Requires re-entering your password. Rate-limited to 5 attempts per 15 minutes per user.
Bash
POST /v1/open-collections/endpoint/secret
Authorization: Bearer <dashboard-jwt>
Content-Type: application/json
{ "password": "your-account-password" }
JSON
{
"success": true,
"data": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"secret": "whsec_xxxxxxxxxxxxxxxxxxxxx"
}
}Delete
Bash
DELETE /v1/open-collections/endpoint
JSON
{ "success": true, "deleted": true }Re-creating later generates a new signing secret.