secondary secret key

A secondary secret key is a hash message authentication code (HMAC) created by the AgilePoint Server to validate a webhook notification. The other HMAC is the primary secret key.

Good to Know

  • When you configure a webhook to use secret keys, AgilePoint Server creates a cryptographic digest of the notification body and attaches it in a header. When your app receives the webhook notification, it can compute the digest and compare it to the one attached to the message. If the digests are not the same, then the notification is not authentic.
  • Even though AgilePoint NX sends both a primary secret key and secondary secret key with a webhook notification, only one of these keys is required to authenticate the notification.
  • When you configure or change secret keys in webhooks, you must share that new secret keys to the notification handler for your recipient app, so the keys can be used to use to validate the webhook notifications.
  • AgilePoint recommends that you change the secret keys periodically. However, the primary and secondary secret keys should not be changed at the same time. If you change both secret keys at the same time, you may miss some notifications that occur between the time they are changed in AgilePoint NX and the time they are changed in your webhook recipient app. Instead, AgilePoint recommends that you change the primary and secondary keys one at a time on a periodic schedule. For example, you might change the primary key on January 1, the seconary key on February 1, and so on.

Related Topics

About This Page

This page is a navigational feature that can help you find the most important information about this topic from one location. It centralizes access to information about the concept that may be found in different parts of the documentation, provides any videos that may be available for this topic, and facilitates search using synonyms or related terms. Use the links on this page to find the information that is the most relevant to your needs.


secondary secret key, secret key, key, secret code, authentication, credentials, webhook