> ## Documentation Index
> Fetch the complete documentation index at: https://docs.didit.me/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Webhook Destination

> Retrieve one webhook destination with its `secret_shared_key` signing secret and delivery health summary. API-key callers always receive the secret in full; Console users without `read:webhooks` see an empty string.

export const AgentPromptAccordion = ({prompt, title = "AI Agent Integration Prompt"}) => {
  const [copied, setCopied] = React.useState(false);
  const handleCopy = e => {
    e.stopPropagation();
    if (!prompt) return;
    navigator.clipboard.writeText(prompt.trim()).then(() => {
      setCopied(true);
      setTimeout(() => setCopied(false), 2000);
    });
  };
  const agents = ["Claude Code", "Codex", "Cursor", "Devin", "Windsurf", "GitHub Copilot"];
  return <div className="didit-agent-card">
      {}
      <div className="didit-agent-titlebar">
        <div className="didit-agent-dots" aria-hidden="true">
          <span className="didit-agent-dot didit-agent-dot-red"></span>
          <span className="didit-agent-dot didit-agent-dot-yellow"></span>
          <span className="didit-agent-dot didit-agent-dot-green"></span>
        </div>
        <span className="didit-agent-filename">{title}</span>
        <button type="button" className={`didit-agent-copy ${copied ? "didit-agent-copy-copied" : ""}`} onClick={handleCopy} title="Copy prompt to clipboard" aria-label={copied ? "Copied!" : "Copy prompt to clipboard"}>
          {copied ? <>
              <svg width="13" height="13" viewBox="0 0 16 16" fill="none">
                <path d="M3 8.5l3.5 3.5L13 4" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round" />
              </svg>
              <span>Copied</span>
            </> : <>
              <svg width="13" height="13" viewBox="0 0 16 16" fill="none">
                <rect x="5" y="5" width="9" height="9" rx="1.5" stroke="currentColor" strokeWidth="1.5" />
                <path d="M11 5V3.5A1.5 1.5 0 0 0 9.5 2h-6A1.5 1.5 0 0 0 2 3.5v6A1.5 1.5 0 0 0 3.5 11H5" stroke="currentColor" strokeWidth="1.5" />
              </svg>
              <span>Copy</span>
            </>}
        </button>
      </div>

      {}
      <pre className="didit-agent-body"><code>{prompt.trim()}</code></pre>

      {}
      <div className="didit-agent-footer">
        <span className="didit-agent-footer-label">Paste into</span>
        <div className="didit-agent-chips">
          {agents.map(name => <span key={name} className="didit-agent-chip">{name}</span>)}
        </div>
      </div>
    </div>;
};

<AgentPromptAccordion
  title="Get Webhook Destination API Prompt"
  prompt={`Fetch a single Didit webhook destination through the Management API.

Endpoint:
GET https://verification.didit.me/v3/webhook/destinations/{destination_uuid}/

Authentication:
Use the x-api-key header with my Didit API key.

Goal:
- Retrieve the full configuration and delivery summary of one destination — useful for back-office detail screens or to confirm a config change.

Path parameter:
- destination_uuid — the destination UUID returned by POST /v3/webhook/destinations/ or GET /v3/webhook/destinations/.

What to read from the response:
- url, label, enabled, webhook_version — basic config.
- subscribed_events — current event subscription list.
- secret_shared_key — the HMAC signing secret. Returned in full only to API keys with the read:webhooks permission; otherwise an empty string. Treat the original create response as the canonical place where you captured this secret.
- summary — { total_deliveries, failed_deliveries, error_rate_percentage, min/avg/max_response_time_ms, last_delivery_at }. Useful health signal.

Example call:
curl -X GET "https://verification.didit.me/v3/webhook/destinations/{destination_uuid}/" \\
-H "x-api-key: YOUR_API_KEY"

Failure modes:
- 401 — missing or malformed x-api-key.
- 403 — canonical { "detail": "You do not have permission to perform this action." } envelope; also returned when the key cannot read this destination's secret (in which case secret_shared_key is "" rather than 403, but unrelated lookups may 403).
- 404 — destination not found in this application (also returned for soft-deleted destinations).

Side effects: none. This is a pure read.

For the full integration shape, see /integration/integration-prompt.`}
/>


## OpenAPI

````yaml GET /v3/webhook/destinations/{destination_uuid}/
openapi: 3.0.0
info:
  version: 3.0.0
  title: Didit Verification API
  description: Identity verification API. Authenticate with x-api-key header.
servers:
  - url: https://verification.didit.me
security: []
tags: []
paths:
  /v3/webhook/destinations/{destination_uuid}/:
    get:
      tags:
        - Webhook
      summary: Get webhook destination
      description: >-
        Retrieve one webhook destination with its `secret_shared_key` signing
        secret and delivery health summary. API-key callers always receive the
        secret in full; Console users without `read:webhooks` see an empty
        string.
      operationId: get_webhook_destination
      parameters:
        - name: destination_uuid
          in: path
          required: true
          description: UUID of the destination (the `uuid` returned from create / list).
          schema:
            type: string
            format: uuid
          example: 11111111-2222-3333-4444-555555555555
      responses:
        '200':
          description: Webhook destination details.
          content:
            application/json:
              schema:
                type: object
                properties:
                  uuid:
                    type: string
                    format: uuid
                  label:
                    type: string
                  url:
                    type: string
                    format: uri
                  enabled:
                    type: boolean
                  webhook_version:
                    type: string
                    enum:
                      - v1
                      - v2
                      - v3
                  secret_shared_key:
                    type: string
                    description: >-
                      HMAC signing secret (43-character URL-safe token). Always
                      returned in full to API-key callers; Console users need
                      `read:webhooks`, otherwise an empty string.
                  subscribed_events:
                    $ref: '#/components/schemas/WebhookSubscribedEvents'
                  created_at:
                    type: string
                    format: date-time
                  updated_at:
                    type: string
                    format: date-time
                  summary:
                    type: object
                    description: >-
                      Delivery health metrics aggregated over the destination's
                      lifetime.
                    properties:
                      total_deliveries:
                        type: integer
                      failed_deliveries:
                        type: integer
                      error_rate_percentage:
                        type: integer
                      min_response_time_ms:
                        type: integer
                        nullable: true
                      avg_response_time_ms:
                        type: integer
                        nullable: true
                      max_response_time_ms:
                        type: integer
                        nullable: true
                      last_delivery_at:
                        type: string
                        format: date-time
                        nullable: true
              examples:
                Healthy destination:
                  value:
                    uuid: 11111111-2222-3333-4444-555555555555
                    label: Production session webhooks
                    url: https://yourapp.com/webhooks/didit
                    enabled: true
                    webhook_version: v3
                    secret_shared_key: tno2NTeRC1ZK3sBOYlBJDyEzBVENl3pQ1AcZyAW0xnQ
                    subscribed_events:
                      - status.updated
                      - data.updated
                    created_at: '2026-01-04T08:00:00Z'
                    updated_at: '2026-04-22T14:09:11Z'
                    summary:
                      total_deliveries: 12453
                      failed_deliveries: 14
                      error_rate_percentage: 0
                      min_response_time_ms: 41
                      avg_response_time_ms: 187
                      max_response_time_ms: 2103
                      last_delivery_at: '2026-05-17T09:21:18Z'
        '403':
          description: >-
            API key missing, malformed, expired, or scoped to a different
            application. Didit returns 403 (never 401) for all authentication
            failures on this endpoint.
          content:
            application/json:
              examples:
                Forbidden:
                  value:
                    detail: You do not have permission to perform this action.
        '404':
          description: >-
            No destination with this UUID exists, or it belongs to a different
            application, or it has been deleted.
          content:
            application/json:
              examples:
                Not found:
                  value:
                    detail: Webhook destination not found.
        '429':
          description: Rate limit exceeded; back off and retry.
          content:
            application/json:
              examples:
                Throttled:
                  value:
                    detail: Request was throttled. Expected available in 30 seconds.
      security:
        - ApiKeyAuth: []
      x-codeSamples:
        - lang: curl
          label: curl
          source: >-
            curl -X GET
            'https://verification.didit.me/v3/webhook/destinations/11111111-2222-3333-4444-555555555555/'
            \
              -H 'x-api-key: YOUR_API_KEY'
        - lang: python
          label: Python
          source: |-
            import os

            import requests

            uuid = '11111111-2222-3333-4444-555555555555'
            resp = requests.get(
                f'https://verification.didit.me/v3/webhook/destinations/{uuid}/',
                headers={'x-api-key': os.environ['DIDIT_API_KEY']},
                timeout=10,
            )
            resp.raise_for_status()
            print(resp.json())
        - lang: javascript
          label: JavaScript
          source: >-
            const uuid = '11111111-2222-3333-4444-555555555555';

            const resp = await
            fetch(`https://verification.didit.me/v3/webhook/destinations/${uuid}/`,
            {
              headers: { 'x-api-key': process.env.DIDIT_API_KEY },
            });

            if (!resp.ok) throw new Error(`Lookup failed: ${resp.status}`);

            const destination = await resp.json();

            console.log(destination);
components:
  schemas:
    WebhookSubscribedEvents:
      type: array
      description: >-
        Event filter for this webhook destination. Didit delivers only webhooks
        whose event type exactly matches one of these values — there is no
        wildcard subscription. When sent, the list must contain at least one
        valid event (an explicit `[]` is rejected with 400); a destination whose
        list is empty (field omitted at create) receives nothing. On update the
        list is replaced wholesale, never merged.
      minItems: 1
      uniqueItems: true
      items:
        $ref: '#/components/schemas/WebhookEvent'
      example:
        - status.updated
        - data.updated
    WebhookEvent:
      type: string
      description: >-
        Supported webhook event name. Use these exact strings in
        `subscribed_events`; unsupported values are rejected.
      enum:
        - status.updated
        - data.updated
        - user.status.updated
        - user.data.updated
        - business.status.updated
        - business.data.updated
        - activity.created
        - transaction.created
        - transaction.status.updated
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key

````