Protected Access

WebhookLab uses the shared PlatPhorm platform key for protected writes and sensitive delivery actions. Service-specific key management is disabled.

Allowed Headers

Authorization: Bearer $PLATPHORM_API_KEY
X-PlatPhorm-API-Key: $PLATPHORM_API_KEY
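
A sketch of how a gateway or test double in front of a protected route could check the two allowed headers. This is an added example, not WebhookLab's own code; the function names, the sample key, and the rule that every presented credential must match are assumptions.

```python
import hmac

# Constructed sample value standing in for $PLATPHORM_API_KEY.
SAMPLE_KEY = "constructed-sample-key-0001"


def presented_keys(headers):
    """Return every credential the request presents via the allowed headers.

    A header that is present but unusable (wrong scheme, empty value)
    yields None so the caller can reject it instead of silently skipping it.
    """
    keys = []
    for name, value in headers.items():
        lname = name.strip().lower()  # HTTP header names are case-insensitive
        value = value.strip()
        if lname == "authorization":
            scheme, _, token = value.partition(" ")
            token = token.strip()
            # Only the Bearer scheme is listed as allowed.
            keys.append(token if scheme.lower() == "bearer" and token else None)
        elif lname == "x-platphorm-api-key":
            keys.append(value or None)
    return keys


def is_authorized(headers, platform_key):
    """True only if at least one allowed header is present and all match.

    Assumed policy: if both headers are sent, both must carry the platform
    key, so a valid key in one header cannot mask a stray value in the other.
    """
    keys = presented_keys(headers)
    if not keys or not platform_key:
        return False  # fail closed on missing credentials or unset key
    expected = platform_key.encode()
    ok = True
    for key in keys:
        # compare_digest avoids leaking match position through timing.
        ok &= hmac.compare_digest((key or "").encode(), expected)
    return ok


if __name__ == "__main__":
    print(is_authorized({"Authorization": f"Bearer {SAMPLE_KEY}"}, SAMPLE_KEY))
    print(is_authorized({"X-PlatPhorm-API-Key": "wrong"}, SAMPLE_KEY))
```
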

No Service-specific Keys

WebhookLab does not issue, display, persist, or rotate local service credentials. The legacy protected-access route returns an explicit degraded response so clients do not mistake it for supported credential creation.

Protected Actions

persistent endpoint registration

event creation that sends externally

delivery replay and cancel

contract create, update, delete, and persistent test runs

raw delivery details and private webhook payloads

report publishing, sync jobs, private traces, and registry mutation