Webhook Secret
Each webhook endpoint has a unique secret used to sign outgoing requests. You use this secret to verify that incoming webhooks genuinely came from Artos.
Format
Secrets are prefixed with whsec_ followed by a 32-character random string:
Secret format
whsec_K7x9mN3pQ2vR8wY5zA4bC6dE1fG0hI.env
ARTOS_WEBHOOK_SECRET=whsec_K7x9mN3pQ2vR8wY5zA4bC6dE1fG0hISecurity
Shown once only
The webhook secret is displayed once immediately after creating a webhook endpoint in your dashboard. Copy it and store it securely as an environment variable. It cannot be retrieved again — if lost, delete the webhook and create a new one.