Skip to main content
GET
/
api
/
v1
/
webhook_endpoints
/
{id}
/
secret
curl https://api.agentcard.sh/api/v1/webhook_endpoints/wh_abc123/secret \
  -H "Authorization: Bearer sk_test_..."

{
  "id": "wh_abc123",
  "object": "webhook_endpoint",
  "url": "https://your-app.example.com/webhooks/agentcard",
  "enabled_events": ["card.*"],
  "status": "active",
  "description": "production receiver",
  "consecutive_failures": 0,
  "last_success_at": "2026-05-17T13:42:00.000Z",
  "disabled_at": null,
  "created_at": "2026-05-17T12:00:00.000Z",
  "updated_at": "2026-05-17T13:42:00.000Z",
  "secret": "whsec_3a4b5c6d7e8f…"
}
Returns the plaintext signing secret for an endpoint. Use this when the secret was lost from your local config and you want to recover it without rotating (which would break in-flight deliveries to receivers still holding the old secret). Every call is recorded in the audit log under webhook_endpoint.secret.access. Treat the response like a password and avoid logging it. If you’d rather generate a fresh secret instead of recovering the existing one, use roll_secret. 
curl https://api.agentcard.sh/api/v1/webhook_endpoints/wh_abc123/secret \
  -H "Authorization: Bearer sk_test_..."

{
  "id": "wh_abc123",
  "object": "webhook_endpoint",
  "url": "https://your-app.example.com/webhooks/agentcard",
  "enabled_events": ["card.*"],
  "status": "active",
  "description": "production receiver",
  "consecutive_failures": 0,
  "last_success_at": "2026-05-17T13:42:00.000Z",
  "disabled_at": null,
  "created_at": "2026-05-17T12:00:00.000Z",
  "updated_at": "2026-05-17T13:42:00.000Z",
  "secret": "whsec_3a4b5c6d7e8f…"
}