Recomly APIEndpointsIntegrationsWebhook Keys
Create webhook key
Generate a new inbound webhook signing key.
POST /api/app/integrations/webhook-keys
Creates a new webhook signing key and returns the signingSecret once. The secret cannot be retrieved again after this response — store it securely immediately and configure it in your external system.
Requires the admin role and the integrations feature entitlement. Returns 403 when the organization has reached its webhook key quota.
Request
See API Basics for required headers.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
name | string | No | Human-readable label for the key. Defaults to "Webhook Key". Max 100 characters. |
Sample request
curl -X POST https://api.recomly.com/api/app/integrations/webhook-keys \
-H "Authorization: Bearer rk_live_abc123:def456" \
-H "Content-Type: application/json" \
-d '{"name": "CRM integration"}'Sample response
Status: 201 Created
{
"keyId": "wk_a1b2c3d4e5f6",
"signingSecret": "whsec_s3cr3tPlaintext",
"name": "CRM integration",
"createdAt": "2026-04-15T12:00:00.000Z"
}The signingSecret is returned only once and cannot be recovered. Use it to verify the X-Recomly-Signature header on incoming webhook requests. Revoke and recreate the key if lost.
Error responses
See API Basics for standard status codes and error response format.
| Status | Meaning |
|---|---|
403 | Caller does not have the admin role, the integrations feature is not enabled, or the key quota is reached. |