{
"id": "<string>",
"createdAt": "2023-11-07T05:31:56Z",
"data": {
"paymentId": "<string>",
"leagueId": "<string>",
"gameId": "<string>",
"officialId": "<string>",
"amountCents": 123,
"currency": "<string>"
}
}API Reference
A payment settled organizer marked paid or platform charge settled
WEBHOOK
payment.paid
{
"id": "<string>",
"createdAt": "2023-11-07T05:31:56Z",
"data": {
"paymentId": "<string>",
"leagueId": "<string>",
"gameId": "<string>",
"officialId": "<string>",
"amountCents": 123,
"currency": "<string>"
}
}Authorizations
Partner API key: Authorization: Bearer whk_…. Keys are issued by the Whistle team (email tommy@huddleup-sports.com), shown once at issuance, and bound to your source namespace — they access only your leagues (plus explicit grants) and your webhook endpoints. Any auth failure returns 401 {"error":"unauthorized"}; the API never returns 403 — out-of-scope resources answer 404 exactly like nonexistent ones.
Body
application/json
Every webhook POST body. Headers: X-Whistle-Event (event name), X-Whistle-Delivery (stable across retries — dedupe on it), X-Whistle-Signature (sha256= + HMAC-SHA256 of the raw body using your endpoint secret).
Delivery id.
Available options:
game.created, game.updated, game.cancelled, game.completed, position.claimed, position.released, payment.paid, payment.failed, official.joined, official.approved, official.removed, official.no_show Event-specific payload.
Show child attributes
Show child attributes
Response
200
Return any 2xx to acknowledge
Last modified on July 10, 2026
⌘I

