> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webhook.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Add a provider signing/verification secret to an endpoint



## OpenAPI

````yaml https://api.webhook.co/openapi.json post /v1/endpoints/{endpointId}/provider-secrets
openapi: 3.1.0
info:
  title: webhook.co API
  version: 1.0.0
  description: >-
    The webhook.co REST API: create ingest endpoints, inspect captured events,
    manage delivery destinations and subscriptions, and replay events. All
    requests are authenticated with a bearer `whk_` API key. Responses are JSON;
    every successful response is HTTP 200. Errors use a JSON `{error, message}`
    envelope, except 401/403 which are empty-bodied with a WWW-Authenticate
    header.
  license:
    name: Apache-2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
servers:
  - url: https://api.webhook.co
    description: Production
security:
  - bearerAuth: []
tags:
  - name: Endpoints
    description: Create, inspect, and manage ingest endpoints and their secrets.
  - name: Events
    description: Browse, fetch, tail, and replay captured events.
  - name: Deliveries
    description: Observe outbound delivery attempts.
  - name: Replay Destinations
    description: Manage the allowlist of remote delivery destinations.
  - name: Subscriptions
    description: Configure auto-delivery routing rules.
  - name: Audit
    description: Verify the tamper-evident audit chain.
  - name: Identity
    description: Inspect the authenticated principal.
paths:
  /v1/endpoints/{endpointId}/provider-secrets:
    post:
      tags:
        - Endpoints
      summary: Add a provider signing/verification secret to an endpoint
      operationId: endpointsAddProviderSecret
      parameters:
        - name: endpointId
          in: path
          required: true
          schema:
            type: string
            format: uuid
            pattern: >-
              ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EndpointsAddProviderSecretRequest'
      responses:
        '200':
          description: Success.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AddedProviderSecret'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '429':
          $ref: '#/components/responses/TooManyRequests'
        '500':
          $ref: '#/components/responses/InternalError'
      security:
        - bearerAuth: []
components:
  schemas:
    EndpointsAddProviderSecretRequest:
      type: object
      properties:
        provider:
          type: string
          enum:
            - stripe
            - github
            - shopify
            - slack
            - standard_webhooks
            - clerk
            - resend
            - stytch
            - supabase
            - render
            - brex
            - openai
            - replicate
            - polar
            - gemini
            - incident_io
            - etsy
            - vanta
            - pusher
            - quickbooks
            - chargify
            - launchdarkly
            - modern_treasury
            - autodesk_aps
            - mongodb_atlas
            - xero
            - segment
            - aftership
            - onfleet
            - webflow
            - klaviyo
            - mux
            - shippo
            - buildkite
            - ms_teams
            - ably
            - squarespace
            - nylas
            - linkedin
            - tiktok
            - airship
            - lob
            - persona
            - bolt
            - primer
            - airwallex
            - affirm
            - keygen
            - constant_contact
            - telegram
            - mixpanel
            - new_relic
            - fillout
            - zapier
            - tally
            - loops
            - customer_io
            - framer
            - box
            - configcat
            - ashby
            - merge_dev
            - cronofy
            - increase
            - finch
            - knock
            - deel
            - razorpay
            - sentry
            - linear
            - dropbox
            - checkout_com
            - lemon_squeezy
            - coinbase_commerce
            - dwolla
            - gocardless
            - notion
            - meta
            - woocommerce
            - bitbucket
            - atlassian_jira
            - x
            - clickup
            - npm
            - heroku
            - dub
            - cal_com
            - asana
            - circleci
            - pagerduty
            - airtable
            - calendly
            - zoom
            - customerio
            - sinch
            - workos
            - front
            - zendesk
            - twitch
            - paddle
            - recurly
            - docusign
            - vercel
            - intercom
            - paystack
            - authorize_net
            - sanity
            - square
            - trello
            - twilio
            - mandrill
            - hubspot
            - adyen
            - mailgun
            - mercado_pago
            - braintree
            - contentful
            - plivo
            - typeform
            - messagebird
            - netlify
            - vonage
            - monday
            - jira_connect
            - discord
            - telnyx
            - sendgrid
            - wise
            - kinde
            - paypal
            - aws_sns
            - plaid
            - ebay
            - gitlab
            - microsoft_graph
            - chargebee
            - postmark
            - sparkpost
            - okta
            - bigcommerce
            - datadog
            - brevo
        label:
          type: string
          minLength: 1
          maxLength: 200
        secret:
          type: string
          minLength: 1
          maxLength: 4096
        kind:
          default: signing_secret
          type: string
          enum:
            - signing_secret
            - verify_token
            - braintree_public_key
      required:
        - provider
        - secret
      description: >-
        The server additionally validates the secret shape per provider (e.g. a
        Standard-Webhooks secret must be base64 key material); a malformed value
        is rejected with 400 VALIDATION_ERROR.
    AddedProviderSecret:
      type: object
      properties:
        id:
          type: string
          format: uuid
          pattern: >-
            ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$
        provider:
          $ref: '#/components/schemas/Provider'
        status:
          type: string
          enum:
            - active
            - retiring
            - revoked
      required:
        - id
        - provider
        - status
      additionalProperties: false
    Provider:
      type: string
      enum:
        - stripe
        - github
        - shopify
        - slack
        - standard_webhooks
        - clerk
        - resend
        - stytch
        - supabase
        - render
        - brex
        - openai
        - replicate
        - polar
        - gemini
        - incident_io
        - etsy
        - vanta
        - pusher
        - quickbooks
        - chargify
        - launchdarkly
        - modern_treasury
        - autodesk_aps
        - mongodb_atlas
        - xero
        - segment
        - aftership
        - onfleet
        - webflow
        - klaviyo
        - mux
        - shippo
        - buildkite
        - ms_teams
        - ably
        - squarespace
        - nylas
        - linkedin
        - tiktok
        - airship
        - lob
        - persona
        - bolt
        - primer
        - airwallex
        - affirm
        - keygen
        - constant_contact
        - telegram
        - mixpanel
        - new_relic
        - fillout
        - zapier
        - tally
        - loops
        - customer_io
        - framer
        - box
        - configcat
        - ashby
        - merge_dev
        - cronofy
        - increase
        - finch
        - knock
        - deel
        - razorpay
        - sentry
        - linear
        - dropbox
        - checkout_com
        - lemon_squeezy
        - coinbase_commerce
        - dwolla
        - gocardless
        - notion
        - meta
        - woocommerce
        - bitbucket
        - atlassian_jira
        - x
        - clickup
        - npm
        - heroku
        - dub
        - cal_com
        - asana
        - circleci
        - pagerduty
        - airtable
        - calendly
        - zoom
        - customerio
        - sinch
        - workos
        - front
        - zendesk
        - twitch
        - paddle
        - recurly
        - docusign
        - vercel
        - intercom
        - paystack
        - authorize_net
        - sanity
        - square
        - trello
        - twilio
        - mandrill
        - hubspot
        - adyen
        - mailgun
        - mercado_pago
        - braintree
        - contentful
        - plivo
        - typeform
        - messagebird
        - netlify
        - vonage
        - monday
        - jira_connect
        - discord
        - telnyx
        - sendgrid
        - wise
        - kinde
        - paypal
        - aws_sns
        - plaid
        - ebay
        - gitlab
        - microsoft_graph
        - chargebee
        - postmark
        - sparkpost
        - okta
        - bigcommerce
        - datadog
        - brevo
    Error:
      type: object
      description: The JSON error envelope for capability faults.
      properties:
        error:
          type: string
          description: A stable capability-error code.
        message:
          type: string
          description: A human-readable description.
      required:
        - error
        - message
  responses:
    BadRequest:
      description: The request failed validation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: >-
        Missing or invalid bearer credential. Empty body; the WWW-Authenticate
        header carries the challenge.
      headers:
        WWW-Authenticate:
          description: RFC 6750 Bearer challenge.
          schema:
            type: string
    Forbidden:
      description: >-
        The credential is valid but lacks the required scope. Empty body;
        WWW-Authenticate carries the challenge.
      headers:
        WWW-Authenticate:
          description: RFC 6750 Bearer challenge.
          schema:
            type: string
    NotFound:
      description: The referenced resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    TooManyRequests:
      description: A rate limit or soft cap was exceeded.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    InternalError:
      description: An unexpected server error. The body is a plain-text sentinel.
      content:
        text/plain:
          schema:
            type: string
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: opaque
      description: A `whk_`-prefixed API key (opaque; not a JWT).

````