For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
SupportDashboard
GuidesAPI Reference
GuidesAPI Reference
  • Endpoints
      • GETTab counts for the loads list
      • GETGet calls for a load
      • GETGet failed carrier verifications for a load
      • GETGet active escalations for a load
      • GETList webhook endpoints
      • POSTRegister a webhook endpoint
      • GETGet a webhook endpoint
      • DELDelete a webhook endpoint
      • PATCHUpdate a webhook endpoint
      • POSTRotate the signing secret
      • GETList delivery attempts for an endpoint
      • GETList attempts for a logical message
      • POSTReplay a delivery
      • GETList subscribable event types
LogoLogo
SupportDashboard
EndpointsAPI

Rotate the signing secret

POST
/webhooks/endpoints/:endpoint_id/rotate-secret
POST
/api/v1/webhooks/endpoints/:endpoint_id/rotate-secret
$curl -X POST https://tryenvoy.ai/api/v1/webhooks/endpoints/endpoint_id/rotate-secret \
>     -H "Authorization: Bearer <token>" \
>     -H "Content-Type: application/json" \
>     -d '{}'
1{
2  "id": "ep_3f9a1c2b-7d4e-4f8a-9b2c-1a2b3c4d5e6f",
3  "organization_id": "org_8a7b6c5d-4e3f-2a1b-0c9d-8e7f6a5b4c3d",
4  "url": "https://webhooks.example.com/receive",
5  "description": "Primary webhook endpoint for order updates",
6  "event_types": [
7    "order.created",
8    "order.shipped",
9    "order.delivered"
10  ],
11  "headers": {
12    "X-Custom-Header": "EnvoyAI-Webhook"
13  },
14  "status": "ACTIVE",
15  "disabled_reason": null,
16  "created_at": "2024-01-15T09:30:00Z",
17  "updated_at": "2024-04-20T14:45:00Z",
18  "signing_secret": "whsec_4f3b2a1c9d8e7f6a5b4c3d2e1f0a9b8c"
19}

Mint a fresh whsec_… signing secret and retire the previous one over a 24-hour grace window. During the grace window the platform signs each delivery with both secrets, so verifiers can be rolled forward without dropping deliveries.

Authentication: Supports API key and bearer token authentication.

Was this page helpful?
Previous

List delivery attempts for an endpoint

Next
Built with

Authentication

AuthorizationBearer

Bearer authentication of the form Bearer <token>, where token is your auth token.

Path parameters

endpoint_idstringRequiredformat: "uuid"

Headers

X-Organization-IDstring or nullOptional

Response

Successful Response
idstringformat: "^ep_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
organization_idstringformat: "^org_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
urlstring
descriptionstring or null
event_typeslist of strings
headersmap from strings to strings or null
statusenum

Endpoint lifecycle state.

DISABLED is reserved for automatic disable by the auto-disable job; PAUSED is explicitly paused and indicates intent to resume.

Allowed values:
disabled_reasonstring or null
created_atdatetime
updated_atdatetime
signing_secretstring

whsec_<base64> — store this; it is not retrievable later.

Errors

401
Unauthorized Error
403
Forbidden Error
404
Not Found Error
422
Unprocessable Entity Error
429
Too Many Requests Error