> ## Documentation Index
> Fetch the complete documentation index at: https://docs.0xinsider.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List Webhook Deliveries

> Recent delivery attempts for one webhook destination owned by the authenticated API key user, newest first, with opaque cursor pagination. Returns 404 (identical to an unknown id) when the endpoint is not owned by the caller, so a non-owner cannot tell an owned-but-empty log apart from someone else's endpoint. Delivery rows omit the request body and signing secret.

Lists recent delivery attempts for one webhook destination owned by the authenticated API-key user, newest first.

```bash theme={null}
curl -H "Authorization: Bearer $OXINSIDER_API_KEY" \
  "https://api.0xinsider.com/api/v1/webhooks/123/deliveries?limit=50"
```

The endpoint uses opaque cursor pagination. A webhook not owned by the caller returns the same `404` as an unknown ID. Delivery rows omit the request body and signing secret.


## OpenAPI

````yaml GET /api/v1/webhooks/{id}/deliveries
openapi: 3.1.0
info:
  title: 0xinsider API
  description: >-
    Find your edge on Polymarket and Kalshi. Every wallet graded, every trade
    scored, every outlier flagged. API exposes trader grades, whale trades,
    smart money signals, and insider detection for AI agents, trading bots, and
    research tools. Normal API requests use a 30-second server timeout that
    returns HTTP 408 Request Timeout with an empty body when exceeded. Public
    REST /api/v1/* endpoints, excluding /api/v1/mcp, use Bearer-token based
    non-credentialed browser CORS: any Origin may call with Authorization,
    Content-Type, If-None-Match, Idempotency-Key, and Mcp-Session-Id request
    headers. Remote MCP at /api/v1/mcp is non-credentialed, but still validates
    Origin against the 0xinsider/localhost allowlist per MCP Streamable HTTP
    DNS-rebinding guidance. Successful browser CORS preflight responses
    advertise Access-Control-Max-Age: 86400. Browser JavaScript may read
    X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, Retry-After,
    ETag, X-Request-Id, X-Request-Cost, X-Batch-RateLimit-Limit,
    X-Batch-RateLimit-Remaining, X-Batch-RateLimit-Reset, Mcp-Session-Id, and
    X-Mcp-Error-Code response headers. Credentialed first-party routes such as
    /api/keys, /api/billing, and auth endpoints remain restricted to configured
    0xinsider origins.
  version: 1.0.0
  contact:
    name: 0xinsider
    email: support@0xinsider.com
    url: https://0xinsider.com
servers:
  - url: https://api.0xinsider.com
    description: >-
      Production (live data). Authenticate with a live key (oxi_sk_live_...);
      requires an active Insider subscription.
security:
  - bearerAuth: []
tags:
  - name: Traders
    description: Trader intelligence, batch lookups, timelines, and export readiness.
  - name: Positions
    description: Current prediction-market position snapshots from backend-owned mirrors.
  - name: Large Positions
    description: Largest current open positions from graded traders (Polymarket-only).
  - name: Whale Trades
    description: Recent and historical large trade intelligence.
  - name: Leaderboard
    description: Ranked trader discovery and category/strategy leaderboards.
  - name: Pick of the Day
    description: >-
      One sourced sharp-money call a day: the side proven smart money is
      backing, with pre-game odds, the proven holders, and the track record.
  - name: Markets
    description: Market search, discovery, snapshots, and smart-score flow.
  - name: Insider Radar
    description: Suspicious trading pattern detection.
  - name: Events
    description: Durable public event replay streams.
  - name: Streaming
    description: Resumable real-time Server-Sent Events stream of live feed envelopes.
  - name: Webhooks
    description: Signed builder webhook destinations and delivery controls.
  - name: Usage
    description: Developer API budget and usage introspection.
  - name: System
    description: Health and operational status checks.
  - name: MCP
    description: Remote Model Context Protocol transport.
  - name: Reports
    description: Daily, weekly, monthly, and trader export report snapshots.
paths:
  /api/v1/webhooks/{id}/deliveries:
    get:
      tags:
        - Webhooks
      summary: List webhook delivery log
      description: >-
        Recent delivery attempts for one webhook destination owned by the
        authenticated API key user, newest first, with opaque cursor pagination.
        Returns 404 (identical to an unknown id) when the endpoint is not owned
        by the caller, so a non-owner cannot tell an owned-but-empty log apart
        from someone else's endpoint. Delivery rows omit the request body and
        signing secret.
      operationId: listWebhookDeliveries
      parameters:
        - $ref: '#/components/parameters/WebhookId'
        - name: cursor
          in: query
          required: false
          description: >-
            Opaque pagination cursor returned as next_cursor by a prior
            response. Omit to fetch the newest page.
          schema:
            type: string
        - name: limit
          in: query
          required: false
          description: Maximum delivery rows to return per page.
          schema:
            type: integer
            minimum: 1
            maximum: 100
            default: 50
      responses:
        '200':
          description: Webhook delivery log page
          content:
            application/json:
              schema:
                type: object
                required:
                  - object
                  - data
                  - has_more
                  - meta
                properties:
                  object:
                    type: string
                    const: list
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/WebhookDelivery'
                  has_more:
                    type: boolean
                  next_cursor:
                    type: string
                    nullable: true
                  total:
                    type: integer
                    nullable: true
                  meta:
                    $ref: '#/components/schemas/ResponseMeta'
              examples:
                success:
                  summary: Successful response
                  value:
                    object: list
                    data:
                      - id: 1
                        object: webhook_delivery
                        event_id: evt_whale_trades_inserted_1700000000_3
                        event_type: whale_trades_inserted
                        status: delivered
                        attempt_count: 1
                        last_response_status: 200
                        delivered_at: '2026-06-04T12:00:00Z'
                        created_at: '2026-06-04T12:00:00Z'
                    has_more: false
                    next_cursor: null
                    meta:
                      request_id: req_example
                      cached: false
                      cost: 1
          headers:
            X-RateLimit-Limit:
              $ref: '#/components/headers/X-RateLimit-Limit'
            X-RateLimit-Remaining:
              $ref: '#/components/headers/X-RateLimit-Remaining'
            X-RateLimit-Reset:
              $ref: '#/components/headers/X-RateLimit-Reset'
            X-Request-Id:
              $ref: '#/components/headers/X-Request-Id'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '402':
          $ref: '#/components/responses/SubscriptionRequired'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '408':
          $ref: '#/components/responses/RequestTimeout'
        '423':
          $ref: '#/components/responses/Locked'
        '429':
          $ref: '#/components/responses/RateLimited'
        '500':
          $ref: '#/components/responses/InternalError'
        '503':
          $ref: '#/components/responses/RateLimitUnavailable'
      x-codeSamples:
        - lang: curl
          label: cURL
          source: |-
            curl -sS \
              -H 'Authorization: Bearer $OXI_SK' \
              'https://api.0xinsider.com/api/v1/webhooks/123/deliveries'
components:
  parameters:
    WebhookId:
      name: id
      in: path
      required: true
      description: Webhook endpoint id owned by the authenticated API key user.
      schema:
        type: integer
        format: int64
  schemas:
    WebhookDelivery:
      type: object
      description: >-
        Owner-scoped view of one webhook delivery attempt. Deliberately omits
        the request body and the endpoint signing secret: a delivery log never
        re-exposes the payload or any secret material.
      required:
        - id
        - object
        - event_id
        - event_type
        - status
        - attempt_count
        - created_at
      properties:
        id:
          type: integer
          format: int64
        object:
          type: string
          const: webhook_delivery
        event_id:
          type: string
          description: >-
            Stable event id for this delivery; identical across retries of the
            same logical event.
        event_type:
          $ref: '#/components/schemas/WebhookEventType'
        status:
          type: string
          description: Delivery lifecycle state (e.g. pending, delivered, dead_letter).
        attempt_count:
          type: integer
          description: Number of delivery attempts made so far.
        last_response_status:
          type: integer
          description: >-
            HTTP status code of the most recent delivery attempt. Omitted until
            a response (or transport error) has been recorded.
        last_error:
          type: string
          description: >-
            Short description of the most recent delivery failure. Omitted when
            the last attempt succeeded or none has failed.
        delivered_at:
          type: string
          format: date-time
          description: >-
            When the delivery was first accepted by the destination. Omitted
            until a delivery succeeds.
        created_at:
          type: string
          format: date-time
    ResponseMeta:
      type: object
      required:
        - request_id
        - cached
        - cost
      properties:
        request_id:
          type: string
          description: Unique request ID (req_ prefix).
        cached:
          type: boolean
        cache_age_s:
          type: integer
          nullable: true
          description: Cache age in seconds, null if not cached.
        cost:
          type: integer
          description: >-
            Advisory request weight (relative compute cost). 1 for simple reads;
            higher for heavier endpoints. Not a credit/price.
        directional_source:
          type: string
          enum:
            - live
            - degraded
          description: >-
            Which path produced the team-directional read on this response. Only
            present on endpoints that compute one (today: GET
            /api/v1/sports-edge-signals). "live" means the read RAN. "degraded"
            means it FAILED, so nothing was measured and the ranking fell back
            to raw conviction. The flag describes the READ, not its consequence:
            a read that ran and found nothing groupable also leaves the
            directional fields null, and that is honestly "live" -- the
            per-signal nulls already say "nothing to enrich here", so this
            snapshot-level flag carries only what they cannot, namely whether
            the read ran at all. A degraded response is cached on the shorter
            degraded TTL so it self-heals. Reported SEPARATELY from
            ranking_source because the two degradations are independent -- a
            smart-money DB miss weakens the ranking DATA, a directional failure
            removes a ranking WEIGHT -- and a consumer down-weighting a degraded
            response needs to know which input it lost. Omitted on endpoints
            that compute no directional read.
        ranking_source:
          type: string
          enum:
            - live
            - db_only
          description: >-
            Which ranking-data path produced this response. Only present on
            endpoints that can degrade a ranking (today: GET
            /api/v1/sports-edge-signals). "live" is the normal path (the current
            holder pile from the provider batch); "db_only" is the degraded
            fallback (a truthful but weaker trader_markets ranking) served when
            the live sharp-money ranking batch is unavailable (a smart-money DB
            read failure, not a Polymarket outage) and cached on a shorter TTL,
            so a consumer can down-weight or skip it. Omitted on endpoints that
            never degrade.
    WebhookEventType:
      type: string
      enum:
        - whale_trades_inserted
        - live_sports_updated
        - whale_trader_synced
        - large_positions_updated
        - wallet_grade_changed
        - insider_radar_flag_raised
        - smart_money_flow_detected
    ApiError:
      type: object
      required:
        - object
        - error
        - meta
      properties:
        object:
          type: string
          const: error
        error:
          type: object
          required:
            - code
            - message
          properties:
            code:
              type: string
              enum:
                - bad_request
                - invalid_api_key
                - subscription_required
                - forbidden
                - not_found
                - account_locked
                - rate_limited
                - rate_limit_unavailable
                - internal_error
            message:
              type: string
            doc_url:
              type: string
              nullable: true
            param:
              type: string
              nullable: true
            retry_at:
              type: string
              format: date-time
              nullable: true
              description: >-
                The recommended next retry instant (RFC3339). Present on every
                retryable error (reason=pick_not_released, code=rate_limited,
                code=rate_limit_unavailable, reason=read_model_warming) and
                omitted otherwise. Always in the future. For pick_not_released
                it has two regimes: before the 11:00 UTC operating-window start,
                before a selected pick's stored release, or after a terminal
                skipped day, it is an exact floor and nothing can publish first.
                When a publish is overdue or the selector is still hunting
                inside the operating window, it is a bounded cadence (~60s), not
                a lower-bound promise; a pick may publish before it. Schedule
                one request and do not poll. Prefer Retry-After for the duration
                because it is immune to client clock skew.
            reason:
              type: string
              enum:
                - cursor_expired
                - unknown_endpoint
                - pick_not_released
                - trader_not_tracked
                - read_model_warming
              nullable: true
              description: >-
                ADDITIVE (#7209). The specific, actionable cause behind `code`,
                when there is one more specific than the code itself. `code`
                keeps its published values, so existing clients are unaffected;
                new clients branch on `reason`. Omitted when the code already
                says everything we know. pick_not_released: no Pick of the Day
                is published for the current product day; schedule one request
                against retry_at instead of polling. unknown_endpoint: the PATH
                is not a route on this API -- read GET /api/v1, do not retry.
                trader_not_tracked: the wallet is real and the URL is right, but
                the trader is outside the HOT/WARM sync tiers -- stop asking for
                this wallet. cursor_expired: pagination went stale mid-walk --
                re-request the first page and continue. read_model_warming: the
                requested endpoint cannot serve its read model yet; exact causes
                are endpoint-specific and can include a cold or contended
                refresh or a dependency that prevented refresh. Consult that
                endpoint's contract, retry only this route after the interval,
                and do not infer dependency health from this reason.
        meta:
          $ref: '#/components/schemas/ResponseMeta'
  headers:
    X-RateLimit-Limit:
      description: Authenticated V1 per-user request limit for the current sliding window.
      schema:
        type: integer
        example: 100
    X-RateLimit-Remaining:
      description: >-
        Authenticated V1 requests remaining in the current sliding window after
        this response.
      schema:
        type: integer
        example: 84
    X-RateLimit-Reset:
      description: Unix timestamp when the authenticated V1 request window resets.
      schema:
        type: integer
        example: 1710772860
    X-Request-Id:
      description: Server-generated request identifier for support and tracing.
      schema:
        type: string
        example: req_550e8400
  responses:
    BadRequest:
      description: Invalid request parameter
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
    Unauthorized:
      description: Missing or invalid API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
    SubscriptionRequired:
      description: Active Insider subscription required
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
    Forbidden:
      description: Account access denied
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
    NotFound:
      description: Resource not found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
    RequestTimeout:
      description: >-
        Request exceeded the server's 30-second transport timeout. The timeout
        response has an empty body because it is generated before handler-level
        JSON error shaping.
    Locked:
      description: Account is locked
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
    RateLimited:
      description: >-
        Rate limit exceeded. Two independent budgets. (1) 100 requests/minute
        per user (sliding window), on every authenticated route. (2) On the
        BATCH routes only: 2500 batch item units/minute per user, reserved
        before any item is executed. A batch with N requested items costs N item
        units, including duplicate and invalid items. 2500 = 100 requests x 25
        items per batch, which is the most item work a key can buy through the
        request limiter at all: a caller may spend their entire 100-request
        minute on full 25-item batches without the item budget being what stops
        them. The REQUEST budget is the effective ceiling, and batching is never
        the more expensive choice. The item budget still denies at a
        sliding-window boundary (both counters carry the previous window forward
        with a floor, and the item counter runs 25x the request counter), so
        honor a 429 from either. Over-quota batches return 429 with Retry-After
        before any item work is done.
      headers:
        Retry-After:
          description: Seconds until rate limit resets.
          schema:
            type: integer
        X-RateLimit-Limit:
          schema:
            type: integer
        X-RateLimit-Remaining:
          schema:
            type: integer
        X-RateLimit-Reset:
          schema:
            type: integer
        X-Request-Id:
          schema:
            type: string
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
    InternalError:
      description: Unexpected server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
    RateLimitUnavailable:
      description: >-
        Redis-backed authenticated rate limiter unavailable; retry after the
        per-process outage cooldown
      headers:
        Retry-After:
          description: >-
            Seconds until the middleware will probe the Redis-backed rate
            limiter again.
          schema:
            type: integer
        X-Request-Id:
          schema:
            type: string
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiError'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >-
        API key authentication. Send your key in the Authorization header as
        `Bearer oxi_sk_live_...`. Live keys require an active Insider
        subscription and return live data.

````