Enhanced Webhook URL Review and Approval Process {#webhooks-urls}
=================================================================

We are introducing an enhancement to webhook subscription processing to improve security, compliance, and visibility for webhook-related URLs. Webhook URLs will be validated and reviewed before they can be used. This includes both newly submitted subscriptions and existing subscriptions currently on file. This change is expected to take place at the end of May 2026.

**What is Changing** {#webhooks-urls_section_dnx_jdt_1jc}
---------------------------------------------------------

When a webhook subscription is created or updated, the URLs associated with that subscription will be evaluated through a validation and approval process.  
This applies to:

* **Webhook URL** (required)
* **OAuth URL** (if applicable)
* **Health Check URL** (if applicable)

{#webhooks-urls_ul_enx_jdt_1jc}  
As part of this enhancement, clients might now see the following user-facing statuses:

* **PENDING_REVIEW**
* **BLOCKED**

{#webhooks-urls_ul_fnx_jdt_1jc}  
The existing **INACTIVE** status remains unchanged and continues to indicate that the subscription is approved and ready within the current lifecycle.

Status Descriptions
-------------------

|     **Status**     |                                                            **Description**                                                             |
|--------------------|----------------------------------------------------------------------------------------------------------------------------------------|
| **PENDING_REVIEW** | One or more submitted URLs are being validated or awaiting required security approval.                                                 |
| **BLOCKED**        | One or more URLs were rejected or identified as unsafe or non-compliant. The subscription cannot proceed until the URL(s) are updated. |
| **INACTIVE**       | All required approvals are complete, and the subscription is ready under the existing activation flow.                                 |

**How the New Process Works** {#webhooks-urls_section_hnx_jdt_1jc}
------------------------------------------------------------------

1. A webhook subscription is created or updated.
2. Submitted URLs are checked against existing approval records.
3. New or unknown URLs are evaluated through automated validation.
4. If additional review is required, the subscription moves to **PENDING_REVIEW**.
5. If any URL is rejected or blocked, the subscription moves to **BLOCKED**.
6. If all required URLs are approved, the subscription moves to **INACTIVE**.
   {#webhooks-urls_ol_inx_jdt_1jc}

**Impact on Existing Subscriptions** {#webhooks-urls_section_jnx_jdt_1jc}
-------------------------------------------------------------------------

After this change goes live, we will run existing webhook subscriptions through the new validation process:

* Existing subscription URLs will be assessed using the new validation framework.
* URLs that require additional security review might place the subscription into **PENDING_REVIEW**.
* If any existing URL is identified as blocked, the associated subscription status will be updated to **BLOCKED**.

{#webhooks-urls_ul_knx_jdt_1jc}  
In cases where a subscription is moved to **BLOCKED**, clients will be expected to perform these tasks:

* Review the affected endpoint(s).
* Update the URL(s) to an acceptable endpoint.
* Resubmit the subscription for processing.
  {#webhooks-urls_ul_lnx_jdt_1jc}

**For New Subscriptions** {#webhooks-urls_section_mnx_jdt_1jc}
--------------------------------------------------------------

New webhook-related URLs may go through validation and, if necessary, security review before the subscription can proceed.

**For Existing Subscriptions** {#webhooks-urls_section_nnx_jdt_1jc}
-------------------------------------------------------------------

Current subscriptions will also be reviewed after go-live. If an existing endpoint does not meet the new validation requirements, the subscription may be updated to **BLOCKED** until the URL is corrected.

**If Your Subscription is Marked BLOCKED** {#webhooks-urls_section_onx_jdt_1jc}
-------------------------------------------------------------------------------

This means one or more URLs associated with the subscription cannot be used in their current form. To continue, the client must update the affected URL(s) and resubmit.

**Why We are Making this Change** {#webhooks-urls_section_pnx_jdt_1jc}
----------------------------------------------------------------------

This enhancement is designed to:

* **Reduce security risk** by preventing outbound calls to unapproved endpoints.
* **Improve compliance** through stronger review and approval controls.
* **Increase transparency** with clearer client-visible statuses.
* **Support scale** through a standardized and repeatable validation process.
  {#webhooks-urls_ul_qnx_jdt_1jc}