How to add custom secret key for Outgoing Webhook?


We are trying to add an outgoing webhook to our projects/apps and our endpoint requires a signed request.
We noticed that the POST request has a header Bitrise-Hook-Signature using sha1 but we cannot find where to configure the secret key used to generate this signature.

In Github, we can set it easily as per screenshot:

In Bitrise, we read this multiple times, but couldn’t find it:

Any input is appreciated!


Hi @jing!

You should be able to adjust on the ‘Code’ tab of your app. If you scroll down you’ll see this:

Where I’ve kind of badly but at least clearly illustrated where you should click, and afterwards you can fill out the details as presented below.

Hope this helps! Let me know :slight_smile:

Hi Bitce,

Thanks for the quick response! It’s not badly illustrated. :slight_smile:

We are indeed able to add the webhook itself but we are looking for where we can define the secret key to be used for generating the sha1 signature (the one we receive from header HTTP_BITRISE_HOOK_SIGNATURE).
The custom header in your 2nd screenshot is not what we need in this case as it’s not the one being used to generate HTTP_BITRISE_HOOK_SIGNATURE (we tried :sweat_smile: ).


Hi @jing,

Oh I see, thanks for explaining! In that case you’d have to register this webhook via the API. This is the endpoint I’m referencing: Bitrise Swagger UI
You’ll get this generated in a Bitrise-Hook-Signature header :slight_smile:

Thanks, Bitce!

Sorry for the delay in response.
That’s exactly what we needed and we have now implemented it. Thanks a lot!
And sorry we didn’t notice that before in the documentation. ^^;


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.