Skip to content
StraventaDocs

Receive a GitHub secret-scanning notification

Webhook endpoint for GitHub secret scanning. Signature-authenticated via the GITHUB-PUBLIC-KEY-IDENTIFIER and GITHUB-PUBLIC-KEY-SIGNATURE headers (ed25519 over the raw body). On match: revoke the affected `merchant_api_keys` row with `revoke_reason='github_leak_detected'` and enqueue an outbox email to the merchant owner.

POST
/v1/internal/leaked-key-notifications

Webhook endpoint for GitHub secret scanning. Signature-authenticated via the GITHUB-PUBLIC-KEY-IDENTIFIER and GITHUB-PUBLIC-KEY-SIGNATURE headers (ed25519 over the raw body). On match: revoke the affected merchant_api_keys row with revoke_reason='github_leak_detected' and enqueue an outbox email to the merchant owner.

Header Parameters

GITHUB-PUBLIC-KEY-IDENTIFIER*string
GITHUB-PUBLIC-KEY-SIGNATURE*string

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

curl -X POST "https://example.com/v1/internal/leaked-key-notifications" \  -H "GITHUB-PUBLIC-KEY-IDENTIFIER: string" \  -H "GITHUB-PUBLIC-KEY-SIGNATURE: string" \  -H "Content-Type: application/json" \  -d '{}'
{
  "results": [
    {
      "token_prefix": "string",
      "status": "matched",
      "key_id": "1e779c8a-6786-4c89-b7c3-a6666f5fd6b5"
    }
  ]
}
Empty
Empty
Empty

Was this page helpful?