Skip to main content
GET
/
webhooks
/
{id}
/
reveal
curl --request GET \
  --url https://api.autosend.com/v1/webhooks/60d5ec49f1b2c72d9c8b1234/reveal \
  --header 'Authorization: Bearer AS_your-api-key'

{
  "success": true,
  "data": {
    "secret": "whsec_8f3a1c2d4e5b6a7c8d9e0f1a2b3c4d5e"
  }
}
This endpoint accepts a project API key (AS_ prefix). It returns the raw HMAC signing secret used to verify payload signatures. The webhook must belong to the authenticated organization.
curl --request GET \
  --url https://api.autosend.com/v1/webhooks/60d5ec49f1b2c72d9c8b1234/reveal \
  --header 'Authorization: Bearer AS_your-api-key'

{
  "success": true,
  "data": {
    "secret": "whsec_8f3a1c2d4e5b6a7c8d9e0f1a2b3c4d5e"
  }
}

Authorizations

Authorizations
string | header
required
Project API key header of the form Bearer AS_<key>.

Path Parameters

id
string
required
The unique identifier of the webhook.Example: "60d5ec49f1b2c72d9c8b1234"

Response

Secret revealed successfully (200)
success
boolean
Indicates if the request was successful
data
object
Wrapper containing the secret

Error Responses

403 - Unauthorized webhook access
object
Returned when the webhook does not belong to the authenticated organization.
{
  "success": false,
  "error": {
    "message": "Unauthorized access to webhook",
    "code": "UNAUTHORIZED_WEBHOOK_ACCESS",
    "status": 403
  }
}
404 - Webhook not found
object
Returned when no webhook with the given ID exists in the project.
{
  "success": false,
  "error": {
    "message": "Webhook not found",
    "code": "WEBHOOK_NOT_FOUND",
  }
}