
GET /v1/auth/alert-webhook-secret

Get Alert Webhook Secret

Returns the HMAC-SHA256 secret used to sign alert webhooks delivered to your alert_webhook_url. Lazily generated on first call.

Returns the HMAC-SHA256 signing secret used for alert webhook delivery (separate from the cue execution webhook secret returned by GET /v1/auth/webhook-secret).

The secret is lazily generated — the first call mints a fresh 64-character hex secret and persists it. Every subsequent call returns the same value until you rotate it via POST /v1/auth/alert-webhook-secret/regenerate.

Request

```bash
curl https://api.cueapi.ai/v1/auth/alert-webhook-secret \
  -H "Authorization: Bearer cue_sk_YOUR_KEY"
```

Response

```json
{
  "alert_webhook_secret": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
}
```

When alerts use this secret

Alerts are delivered to the URL configured via PATCH /v1/auth/me with alert_webhook_url. Each delivery includes:

  • X-CueAPI-Alert-Signature: v1={hex_hmac_sha256}
  • X-CueAPI-Alert-Timestamp: {unix_seconds}

Signed message: {timestamp}.{json_body}. Same signing convention as the execution webhook secret — see Webhook Signatures.
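A receiver-side check of the two headers above, as an added example (not CueAPI's own code). Assumptions: the hex secret string is used as the HMAC key as-is rather than hex-decoded, `{json_body}` is the raw request body bytes, header names arrive with the exact casing shown, and the 300-second freshness window and the names `sign` and `verify_alert` are choices made here.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumption: replay window chosen here, not a CueAPI value


def sign(secret: str, timestamp: str, raw_body: bytes) -> str:
    """Build the header value v1={hex_hmac_sha256} over {timestamp}.{json_body}."""
    # Assumption: the 64-character hex string is the key as-is (UTF-8 bytes),
    # not hex-decoded. Confirm against the Webhook Signatures page.
    message = timestamp.encode() + b"." + raw_body
    return "v1=" + hmac.new(secret.encode(), message, hashlib.sha256).hexdigest()


def verify_alert(secret: str, headers: dict, raw_body: bytes, now=None) -> bool:
    """Return True only for a fresh, correctly signed alert delivery."""
    signature = headers.get("X-CueAPI-Alert-Signature", "")
    timestamp = headers.get("X-CueAPI-Alert-Timestamp", "")
    if not signature.startswith("v1="):
        return False
    if not (timestamp.isascii() and timestamp.isdigit()):
        return False
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated delivery: treat as a replay
    # Verify over the bytes exactly as received; re-serialising parsed JSON
    # can change whitespace or key order and break the signature.
    expected = sign(secret, timestamp, raw_body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    # Constructed sample values, not a real delivery.
    secret = "0123456789abcdef" * 4
    body = b'{"type":"constructed_alert"}'
    ts = str(int(time.time()))
    headers = {
        "X-CueAPI-Alert-Signature": sign(secret, ts, body),
        "X-CueAPI-Alert-Timestamp": ts,
    }
    print("valid delivery:", verify_alert(secret, headers, body))
    print("tampered body: ", verify_alert(secret, headers, body + b" "))
    print("wrong secret:  ", verify_alert("f" * 64, headers, body))
```

After rotating via POST /v1/auth/alert-webhook-secret/regenerate, the receiver must load the new value, since deliveries signed with it fail this check against the old one.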

Why a separate secret

Operating two secrets means rotating the alert one (e.g., when changing on-call tooling) does not invalidate every cue's execution webhook. Each surface ages independently.

Errors

| Status | Code | Cause |
|--------|------|-------|
| 401 | not_authenticated | Missing/invalid bearer token |