hmacSecret is dual-purpose. The same secret signs your inbound
/integrations/* requests and our outbound webhooks to your
webhookUrl. There is no second “webhook secret” to manage — rotate the
HMAC secret and both directions roll over together.Everything we issue at onboarding and how to handle each value.
hmacSecret is dual-purpose. The same secret signs your inbound
/integrations/* requests and our outbound webhooks to your
webhookUrl. There is no second “webhook secret” to manage — rotate the
HMAC secret and both directions roll over together.