Open Dashboard
Webhook Signing
DocumentationAPI Reference

Get Webhook Secret

Hand off to an LLM

Get the current webhook signing secret.

Returns the active secret used to sign outbound webhook deliveries via the bem-signature header. Returns 404 if no secret has been generated for this environment yet.

Use the secret to verify incoming webhook payloads:

  1. Parse bem-signature: t={timestamp},v1={signature}.
  2. Construct the signed string: {timestamp}.{raw request body}.
  3. Compute HMAC-SHA256 of that string using the secret.
  4. Compare the hex digest against v1.
  5. Reject requests where the timestamp is more than a few minutes old.
GET
/v3/webhook-secret

Authorization

API Key
x-api-key<token>

Authenticate using API Key in request header

In: header

Response Body

application/json

curl -X GET "https://api.bem.ai/v3/webhook-secret"
{
  "secret": "string"
}

See also

  • Webhooks — subscribe, receive, verify

Generate Webhook Secret POST

Previous Page

Revoke Webhook Secret DELETE

Next Page