Webhook Security

Token Management

Webhook tokens are secrets: anyone who holds one can post messages to your channels without any further authentication.
Never commit webhook tokens to version control. Use environment variables or a secrets manager.

Token Storage

  • Tokens are hashed (SHA-256) before storage in the database
  • The plaintext token is only shown once at creation time
  • If compromised, delete the webhook and create a new one
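The storage scheme above, sketched as an added example (this is not the service's own code). The `WebhookTokenStore` class, the in-memory dict standing in for the database, the 32-byte token length and the webhook IDs are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _digest(token: str) -> str:
    # A fast hash is acceptable here because the token is high-entropy random
    # data, not a user-chosen password that could be guessed offline.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class WebhookTokenStore:
    """Hypothetical store: the dict stands in for the database table."""

    def __init__(self):
        self._digests = {}  # webhook_id -> hex SHA-256 digest, never plaintext

    def create(self, webhook_id: str) -> str:
        token = secrets.token_urlsafe(32)  # assumed length: 32 random bytes
        self._digests[webhook_id] = _digest(token)
        # The only point at which the plaintext exists server-side;
        # it is returned to the caller once and cannot be recovered later.
        return token

    def verify(self, webhook_id: str, presented: str) -> bool:
        candidate = _digest(presented)
        # Compare against a dummy digest for unknown IDs so the same work
        # is done whether or not the webhook exists.
        stored = self._digests.get(webhook_id, _digest(""))
        matches = hmac.compare_digest(stored, candidate)  # constant-time
        return matches and webhook_id in self._digests

    def delete(self, webhook_id: str) -> bool:
        # Deleting the webhook is the revocation step: the digest is gone,
        # so the old token can never verify again.
        return self._digests.pop(webhook_id, None) is not None


if __name__ == "__main__":
    store = WebhookTokenStore()
    token = store.create("wh_demo")             # constructed sample ID
    print(store.verify("wh_demo", token))       # valid token
    store.delete("wh_demo")                     # compromised: delete it
    print(store.verify("wh_demo", token))       # old token now rejected
```

Because only the digest is kept, a leaked copy of the table does not reveal usable tokens, and a lost token cannot be re-displayed, which is why the remedy is to delete the webhook and create a new one.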

Token Rotation

There is no token rotation endpoint. To rotate a token:
  1. Delete the existing webhook
  2. Create a new webhook on the same channel
  3. Update your integration with the new URL

Best Practices

  • Store tokens in environment variables, not code
  • Use HTTPS for all webhook requests (enforced by the API)
  • Monitor webhook usage via the management endpoints
  • Delete unused webhooks promptly