# Manage a webhook endpoint

Source: https://docs.settlemint.com/docs/operators/platform-setup/webhook-endpoint-settings
Rotate the signing secret, change the delivery URL, switch payload shape, or delete a webhook endpoint from the DALP Console settings page.



A webhook endpoint pushes selected DALP events to an external HTTPS URL. After you register one, each endpoint has a settings page in the Console. Use that page to rotate the signing secret, change the delivery URL, switch the payload shape, or delete the endpoint when it needs maintenance, without calling the [webhook API](/docs/api-reference/webhooks/webhook-endpoints).

## Prerequisites [#prerequisites]

* A registered webhook endpoint in your organisation.
* Organisation owner or administrator access to the active organisation.
* Wallet verification for the active wallet when the authentication flow requires it.

## Open endpoint settings [#open-endpoint-settings]

1. Go to **Platform settings** and open **Webhooks**.
2. Select the endpoint you want to manage.
3. Open its **Settings** tab.

The settings page lists each maintenance action as its own card: signing-secret rotation, payload shape, endpoint URL, and delete.

## Change the endpoint URL [#change-the-endpoint-url]

Use this when deliveries should go to a different receiver.

1. In the **Change endpoint URL** card, edit the **New endpoint URL** field.
2. Select **Change URL**.

The **Change URL** action stays disabled until the new value is a valid `https://` URL that differs from the current one. If the value is empty, malformed, or starts with `http://`, the field shows an inline error and the action remains disabled.

<Callout type="info" title="Endpoint URLs must use HTTPS">
  DALP delivers only to public HTTPS receivers. The Console blocks an invalid or `http://` URL before submission, and
  the platform repeats the same check on its side, including the receiver address allow-list described in the [webhook
  endpoint reference](/docs/api-reference/webhooks/webhook-endpoints).
</Callout>

### Decide what happens to pending deliveries [#decide-what-happens-to-pending-deliveries]

If the endpoint has deliveries still in flight when you change the URL, the Console asks &#x2A;*Retarget pending deliveries?** before saving:

* **Retarget deliveries** sends the pending deliveries to the new URL.
* **Cancel** leaves the URL unchanged so pending deliveries continue to the current URL.

Confirm the choice that matches your cutover. Retargeting moves in-flight deliveries to the new receiver, so only confirm it once the new receiver is ready to accept them.

## Rotate the signing secret [#rotate-the-signing-secret]

Every delivery is signed with the endpoint's HMAC secret. Rotate it on a schedule or after a suspected exposure.

1. In the **Signing-secret rotation** card, select **Rotate secret**.
2. A reveal-once dialog opens with the new `dalp_whsk_` signing secret in cleartext. Select **Copy** to copy it, then store it in your receiver's secret manager.
3. Select **I've saved it** to close the dialog and finish the rotation.

The new secret is shown only once. The reveal dialog has no close button, and Escape and outside clicks are blocked. **I've saved it** is the only way to dismiss the dialog, so the secret cannot slip past you before you acknowledge it.

The old and new secrets both stay valid for 24 hours, giving consumers time to redeploy. After 24 hours, DALP revokes the old secret automatically. You can also revoke it earlier from the rotation flow once every consumer verifies with the new secret.

<Callout type="warn" title="The new secret is shown only once">
  DALP cannot show a signing secret again after you select **I've saved it**. Copy and store the new `dalp_whsk_` value
  before you acknowledge the dialog. If you lose it, rotate the secret again to mint a fresh one.
</Callout>

## Switch payload shape [#switch-payload-shape]

Endpoints start on **thin** payloads, which strip per-event personal data fields before signing. Switching to **fat** payloads ships the full subject state.

1. In the **Switch payload shape** card, select **Switch to fat events**.
2. Acknowledge each personal-data field the change will expose, then confirm.

The switch to fat payloads is one-way from the Console. If an endpoint's subscriptions carry no personal-data baseline, thin and fat payloads are identical and no switch is offered.

## Delete the endpoint [#delete-the-endpoint]

1. In the **Delete endpoint** card, select **Delete endpoint**.
2. Confirm in the dialog.

Deleting disables the endpoint. New delivery attempts are stopped, and any queued retry that has not yet started will be skipped. An in-flight delivery attempt that is already running may still complete and schedule its next retry, but that retry will be skipped when it later runs because the endpoint is disabled. Historical delivery records are kept for audit. Deletion cannot be undone, so confirm only when the endpoint is no longer needed.

## Related [#related]

* [Webhook endpoint reference](/docs/api-reference/webhooks/webhook-endpoints)
* [Webhook events catalogue](/docs/api-reference/tokens/token-events)
* [Platform overview](/docs/operators/platform-setup/platform-overview)