Return GitHub webhook HMAC secret for manual setup
POST
/integrations/webhooks/reveal-secret
const url = 'https://example.com/api/integrations/webhooks/reveal-secret';const options = {method: 'POST', headers: {Authorization: 'Bearer <token>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/api/integrations/webhooks/reveal-secret \ --header 'Authorization: Bearer <token>'POST (not GET) so the secret is not stored in query strings or browser history. Response uses Cache-Control no-store.
Authorizations
Section titled “Authorizations ”Responses
Section titled “ Responses ”Secret payload
Media type application/json
object
secret
required
string
Not authenticated
Media type application/json
object
error
required
Human-readable error message
string
code
Stable machine-readable error code for client branching
string
fieldErrors
First validation message per field path
object
key
additional properties
string
issues
Structured validation issues (Zod)
Array<object>
object
path
required
string
message
required
string
retryAfter
Seconds until rate limit resets (429 responses)
number
reconnect
True if re-linking GitHub may fix the issue
boolean
Webhook secret is not configured on the server