Webhook Secrets

Endpointhttps://api.kontorion.eu/v1

Webhook secrets are the HMAC signing keys used to authenticate inbound webhook payloads. Each secret is scoped to an entity (e.g., a specific integration endpoint) and can be rotated without downtime by creating a new secret before deactivating the old one.

List webhook secrets

GET

https://api.kontorion.eu/v1

/webhook-secrets

Returns a paginated list of webhook secrets with key_prefix only (signing_key is never included)

List webhook secrets › query Parameters

limit

integer

Page size

cursor

string

Pagination cursor

List webhook secrets › Responses

Paginated list in data envelope

Create a webhook secret

POST

https://api.kontorion.eu/v1

/webhook-secrets

Creates a new webhook signing secret. The full signing_key is returned only once and cannot be retrieved again.

Create a webhook secret › Request Body

description

string

entity_id

string

entity_type

string

signing_method

string

Create a webhook secret › Responses

Wrapped in data envelope, includes signing_key

Delete a webhook secret

DELETE

https://api.kontorion.eu/v1

/webhook-secrets/{id}

Deletes a webhook signing secret by ID

Delete a webhook secret › path Parameters

id

string · required

Webhook secret UUID

Delete a webhook secret › Responses

No content

No data returned

Rotate a webhook signing secret

POST

https://api.kontorion.eu/v1

/webhook-secrets/{id}/rotate

Generates a new signing key for the secret, replaces it

Rotate a webhook signing secret › path Parameters

id

string · required

Webhook secret UUID

Rotate a webhook signing secret › Responses

Wrapped in data envelope, includes new signing_key

Webhooks Organization Settings

List webhook secrets

GET

https://api.kontorion.eu/v1

/webhook-secrets

Returns a paginated list of webhook secrets with key_prefix only (signing_key is never included)

List webhook secrets › query Parameters

limit

integer

Page size

cursor

string

Pagination cursor

List webhook secrets › Responses

Paginated list in data envelope

Create a webhook secret

POST

https://api.kontorion.eu/v1

/webhook-secrets

Creates a new webhook signing secret. The full signing_key is returned only once and cannot be retrieved again.

Create a webhook secret › Request Body

description

string

entity_id

string

entity_type

string

signing_method

string

Create a webhook secret › Responses

Wrapped in data envelope, includes signing_key

Rotate a webhook signing secret

POST

https://api.kontorion.eu/v1

/webhook-secrets/{id}/rotate

Generates a new signing key for the secret, replaces it

Rotate a webhook signing secret › path Parameters

id

string · required

Webhook secret UUID

Rotate a webhook signing secret › Responses

Wrapped in data envelope, includes new signing_key