LLM-readable documentation index
WebhooksSigning Secrets

Get Webhook Secret

Hand off to an LLM

Get the current webhook signing secret.

Returns the active secret used to sign outbound webhook deliveries via the bem-signature header. Returns 404 if no secret has been generated for this environment yet.

Use the secret to verify incoming webhook payloads:

  1. Parse bem-signature: t={timestamp},v1={signature}.
  2. Construct the signed string: {timestamp}.{raw request body}.
  3. Compute HMAC-SHA256 of that string using the secret.
  4. Compare the hex digest against v1.
  5. Reject requests where the timestamp is more than a few minutes old.
GET
/v3/webhook-secret
x-api-key<token>

Authenticate using API Key in request header

In: header

Response Body

application/json

curl -X GET "https://api.bem.ai/v3/webhook-secret"
{
  "secret": "string"
}

See also