Receive a GitHub secret-scanning notification
Webhook endpoint for GitHub secret scanning. Signature-authenticated via the GITHUB-PUBLIC-KEY-IDENTIFIER and GITHUB-PUBLIC-KEY-SIGNATURE headers (ed25519 over the raw body). On match: revoke the affected `merchant_api_keys` row with `revoke_reason='github_leak_detected'` and enqueue an outbox email to the merchant owner.
Webhook endpoint for GitHub secret scanning. Signature-authenticated
via the GITHUB-PUBLIC-KEY-IDENTIFIER and GITHUB-PUBLIC-KEY-SIGNATURE
headers (ed25519 over the raw body). On match: revoke the affected
merchant_api_keys row with revoke_reason='github_leak_detected'
and enqueue an outbox email to the merchant owner.
Header Parameters
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
curl -X POST "https://example.com/v1/internal/leaked-key-notifications" \ -H "GITHUB-PUBLIC-KEY-IDENTIFIER: string" \ -H "GITHUB-PUBLIC-KEY-SIGNATURE: string" \ -H "Content-Type: application/json" \ -d '{}'{
"results": [
{
"token_prefix": "string",
"status": "matched",
"key_id": "1e779c8a-6786-4c89-b7c3-a6666f5fd6b5"
}
]
}Was this page helpful?