API Reference
Start typing to search…

Create Subscription

post
https://core.{customerId}.ec.avayacloud.com/api/events/v1/subscriptions

Creates a new webhook subscription for one or more event families. Specify the event family, the individual events to filter on (or ALL), and the transport configuration including your webhook endpoint and optional auth token.

Finding Your Customer Subdomain

Your subdomain is found in your Avaya Infinity portal URL and is required for all API calls.

Example: If your portal URL is:

https://core.avaya1234.ec.avayacloud.com/app/core-config-ui/

Your subdomain is: avaya1234

To use this API:

  1. Find your subdomain from your Infinity portal URL (as shown above)
  2. Get your Bearer token using the EVENT_NOTIFICATION client credential (see Authentication below)
  3. In the API explorer on the right:
    • Click on {customerId} in the URL field and replace it with your actual subdomain
    • Paste your Bearer token in the Credentials section
    • Fill out the request body with your event families, events, and webhook transport details

Authentication

This endpoint requires a valid OAuth 2.0 Bearer token. To get started, contact Avaya Support to request a client_id and client_secret provisioned with the EVENT_NOTIFICATION scope.

Once you have your credentials, generate an access token and include it in the Authorization: Bearer <token> header of each request.

POST https://core.avaya1234.ec.avayacloud.com/auth/realms/avaya/protocol/openid-connect/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=<your_client_id>&client_secret=<your_client_secret>&scope=EVENT_NOTIFICATION

Working with Subscriptions

A newly created subscription will have status: ACTIVE and begin delivering events to your webhook immediately.

The expiresIn field in the response shows the seconds remaining before the subscription expires. Call the Renew Subscription endpoint before this value reaches zero to keep the subscription active.

Important Notes

  • The family field accepts up to 3 values: AGENT, INTERACTION, QUEUE, or ALL (must be the only value if used).
  • The events field accepts up to 25 event types. Use ALL to receive every event for the selected family.
  • The authToken and authTokenHeader fields are optional but recommended for webhook verification.
  • Your account/tenant is automatically derived from your Bearer token — no separate account identifier is required.

DOS Protection & Rate Limiting

  • This endpoint implements DOS protection and rate limiting.

Security Implementation Guidelines

  • Never expose your client_secret or Bearer token to client-side applications.
  • Use authToken and authTokenHeader to verify incoming webhook payloads are from Avaya.
  • Implement proper error handling — avoid surfacing internal error details to end users.
Language
Credentials
Bearer
JWT
URL