API Reference

Complete documentation for the MITPO Universal API

Base URL

https://api.mitpo.io

Webhooks

Register HTTPS endpoints to receive operational event notifications from MITPO execution workflows. All webhook payloads are signed with HMAC-SHA256 for verification.

POST /v1/webhooks

Create a webhook endpoint. You will receive a signing secret in the response.

Request
curl -X POST https://api.mitpo.io/v1/webhooks \
  -H "Authorization: Bearer mk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://yourapp.com/webhooks/mitpo",
    "events": ["dispatch.completed", "dispatch.failed"]
  }'
Response 200
{
  "success": true,
  "data": {
    "id": "whk_r3s4t5u6",
    "url": "https://yourapp.com/webhooks/mitpo",
    "events": ["dispatch.completed", "dispatch.failed"],
    "signing_secret": "whsec_a1b2c3d4e5...",
    "created_at": "2026-03-22T10:00:00Z"
  },
  "request_id": "req_8h9i0j1k..."
}
GET /v1/webhooks

List all registered webhook endpoints.

Request
curl https://api.mitpo.io/v1/webhooks \
  -H "Authorization: Bearer mk_live_..."
Response 200
{
  "success": true,
  "data": [
    {
      "id": "whk_r3s4t5u6",
      "url": "https://yourapp.com/webhooks/mitpo",
      "events": ["dispatch.completed", "dispatch.failed"],
      "created_at": "2026-03-22T10:00:00Z"
    }
  ],
  "request_id": "req_2l3m4n5o..."
}
DELETE /v1/webhooks/:id

Delete a webhook endpoint.

Request
curl -X DELETE https://api.mitpo.io/v1/webhooks/whk_r3s4t5u6 \
  -H "Authorization: Bearer mk_live_..."
Response 200
{
  "success": true,
  "data": {
    "id": "whk_r3s4t5u6",
    "deleted": true
  },
  "request_id": "req_6p7q8r9s..."
}

Webhook payload

When an event occurs, MITPO sends a POST request to your registered URL.

Example payload
{
  "event": "dispatch.completed",
  "timestamp": "2026-03-22T10:30:00Z",
  "data": {
    "dispatch_id": "dsp_a1b2c3d4",
    "channel": "meta_ads",
    "status": "completed",
    "provider_resource_id": "23851234567890"
  }
}

Webhook headers

Header              Description
X-MITPO-Signature   HMAC-SHA256 signature of the request body
X-MITPO-Timestamp   Unix timestamp when the event was sent
X-MITPO-Event       Event type (e.g. dispatch.completed)

Signature verification

Always verify the X-MITPO-Signature header before processing a webhook.

Node.js
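const crypto = require('crypto');

// body must be the raw request bytes (string or Buffer), not a parsed object.
function verifyWebhook(body, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(body)
    .digest('hex');
  const a = Buffer.from(`sha256=${expected}`);
  const b = Buffer.from(String(signature || ''));
  // Constant-time comparison; timingSafeEqual throws on unequal lengths.
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// In your handler (req.body must hold the raw, unparsed request body):
const isValid = verifyWebhook(
  req.body,
  req.headers['x-mitpo-signature'],
  process.env.WEBHOOK_SECRET
);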
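
A fuller receiver-side check, as an added example that is not MITPO's own code: it verifies the signature over the exact bytes received, then trusts the unsigned X-MITPO-Event header only if it agrees with the signed body, and rejects old deliveries using the payload's signed timestamp field. The names sign and checkWebhook, the five-minute window, the reason strings, and the sample secret and payload are assumptions constructed for this example; the sha256= prefix follows the snippet above.

```javascript
const crypto = require('crypto');

const MAX_AGE_MS = 5 * 60 * 1000; // assumed window; the page does not specify one

function sign(rawBody, secret) {
  return 'sha256=' + crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
}

// rawBody: Buffer with the exact bytes received; headers: lower-cased names.
// The documented signature covers the body, so other checks are anchored to it.
function checkWebhook(rawBody, headers, secret, nowMs) {
  const given = Buffer.from(String(headers['x-mitpo-signature'] || ''));
  const expected = Buffer.from(sign(rawBody, secret));
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad_signature' };
  }
  let event;
  try {
    event = JSON.parse(rawBody.toString('utf8'));
  } catch {
    return { ok: false, reason: 'bad_json' };
  }
  // X-MITPO-Event is a header: accept it only if it agrees with the signed body.
  if (!event || event.event !== headers['x-mitpo-event']) {
    return { ok: false, reason: 'event_mismatch' };
  }
  // Replay limit based on the signed "timestamp" field of the payload.
  const sentMs = Date.parse(event.timestamp);
  if (Number.isNaN(sentMs) || Math.abs(nowMs - sentMs) > MAX_AGE_MS) {
    return { ok: false, reason: 'stale_timestamp' };
  }
  return { ok: true, event };
}

// Constructed sample delivery, not real MITPO traffic.
const SECRET = 'whsec_example_only';
const RAW = Buffer.from(
  '{"event":"dispatch.completed", "timestamp":"2026-03-22T10:30:00Z", "data":{"dispatch_id":"dsp_a1b2c3d4"}}'
);
const NOW = Date.parse('2026-03-22T10:31:00Z');
const HEADERS = {
  'x-mitpo-signature': sign(RAW, SECRET),
  'x-mitpo-event': 'dispatch.completed',
};
// Re-serialising the parsed body drops the spaces, so its HMAC no longer matches.
const REENCODED = Buffer.from(JSON.stringify(JSON.parse(RAW.toString('utf8'))));

console.log(checkWebhook(RAW, HEADERS, SECRET, NOW).ok, checkWebhook(REENCODED, HEADERS, SECRET, NOW).reason);
```

In an HTTP framework, capture the raw body before any JSON middleware runs and pass that Buffer in; a parsed-then-stringified body fails exactly as REENCODED does here.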

Supported events

Event                        Description
dispatch.accepted            A dispatch has been accepted and queued for processing
dispatch.completed           A dispatch has been successfully delivered to the provider
dispatch.failed              A dispatch has failed due to a provider or validation error
connection.active            A platform connection has been successfully established
connection.reauth_required   A platform connection requires re-authentication
