Monorepo for wisp.place. A static site hosting service built on top of the AT Protocol. wisp.place
update webhook doc

+2 -57
docs/src/content/docs/lexicons/place-wisp-wh.md
··· 104 104 | `secret` | string | Inline HMAC secret (stored plaintext in PDS) | 105 105 | `enabled` | boolean | Set to `false` to pause delivery | 106 106 107 - ## API Convenience Routes 108 - 109 - The main app exposes API routes that wrap PDS record operations. All routes require the signed `did` cookie. 110 - 111 - ### `GET /api/webhook` 112 - 113 - Lists all webhook records for the authenticated user. 114 - 115 - ### `POST /api/webhook` 116 - 117 - Creates a new webhook record. Body: 118 - 119 - ```json 120 - { 121 - "scopeAturi": "at://did:plc:abc123/app.bsky.feed.post", 122 - "url": "https://example.com/webhook", 123 - "backlinks": false, 124 - "events": ["create"], 125 - "secretId": "my-secret", 126 - "enabled": true 127 - } 128 - ``` 107 + ## API Reference 129 108 130 - ### `DELETE /api/webhook/:rkey` 131 - 132 - Deletes a webhook record by its record key. 133 - 134 - ### `GET /api/webhook/events` 135 - 136 - Returns the last 100 delivery events for the authenticated user. 137 - 138 - ## Signing Secrets API 139 - 140 - Server-managed secrets are never stored in your PDS — the token is returned once at creation time and then only stored as a hash. Manage them via: 141 - 142 - ### `GET /api/secret` 143 - 144 - Lists all secrets (names and metadata only — tokens are never returned after creation). 145 - 146 - ### `POST /api/secret` 147 - 148 - Creates a new secret. Body: `{ "name": "my-secret" }`. 149 - 150 - Response includes `token` — **copy it now**, it will not be shown again. 151 - 152 - ```json 153 - { "success": true, "name": "my-secret", "token": "wsk_...", "createdAt": "..." } 154 - ``` 155 - 156 - ### `POST /api/secret/:name/rotate` 157 - 158 - Generates a new token for an existing secret. The old token stops working immediately. Returns the new `token` once. 159 - 160 - ### `DELETE /api/secret/:name` 161 - 162 - Deletes a secret. Any webhooks referencing this `secretId` will stop being signed. 
163 - 164 - These routes are also available as XRPC procedures under `place.wisp.v2.secret.*` for programmatic access with a service JWT. 109 + Webhook and signing secret management is available via XRPC. See the [XRPC API reference](/reference/xrpc-api) for full input/output schemas, error codes, and auth requirements — including the `place.wisp.v2.secret.*` procedures for managing server-managed signing secrets. 165 110 166 111 ## Self-Hosting 167 112
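Review bot: The replacement paragraph at new line 109 drops three behaviours that the removed "Signing Secrets API" section stated and that a webhook operator relies on: the token is returned only once at creation and afterwards stored only as a hash, rotation makes the old token stop working immediately, and deleting a secret means any webhook referencing that `secretId` stops being signed. The last one is a silent downgrade for receivers that verify signatures, so it deserves a sentence on this page, near the `secret` row that still says the inline secret is stored plaintext in the PDS, rather than only in the linked `/reference/xrpc-api` page; please confirm that page carries all three. The new text also does not say whether the cookie-authenticated `/api/webhook` and `/api/secret` routes still exist or were only removed from the docs, and the commit message "update webhook doc" does not say either, so state which it is.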