> ## Documentation Index
> Fetch the complete documentation index at: https://dev.gomega.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Update / rotate a webhook

> Updates a webhook. Set `rotate_secret: true` to mint a fresh signing secret (returned once). Requires the `public_api:webhooks:manage` scope.



## OpenAPI

````yaml /openapi.json patch /api/agents/crm/lead-webhooks/{id}
openapi: 3.1.0
info:
  title: MEGA Public CRM Lead API
  version: 1.0.0
  description: >-
    Server-to-server API to pull leads, push leads (single + bulk), and manage
    lead webhooks for your MEGA CRM. Authenticate with an admin-issued Personal
    Access Token (`Authorization: Bearer mega_...`) plus the `x-customer-id`
    header. These are secret-key endpoints — call them from your backend, never
    from a browser.
servers:
  - url: https://app.gomega.ai
    description: Production
security:
  - bearerAuth: []
paths:
  /api/agents/crm/lead-webhooks/{id}:
    patch:
      tags:
        - Webhooks
      summary: Update / rotate a webhook
      description: >-
        Updates a webhook. Set `rotate_secret: true` to mint a fresh signing
        secret (returned once). Requires the `public_api:webhooks:manage` scope.
      operationId: updateWebhook
      parameters:
        - $ref: '#/components/parameters/CustomerId'
        - name: id
          in: path
          required: true
          schema:
            type: string
            format: uuid
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/WebhookUpdateRequest'
      responses:
        '200':
          description: The updated webhook (with `secret` only when rotated).
          content:
            application/json:
              schema:
                type: object
                properties:
                  webhook:
                    $ref: '#/components/schemas/Webhook'
                  secret:
                    type: string
                required:
                  - webhook
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '429':
          $ref: '#/components/responses/RateLimited'
components:
  parameters:
    CustomerId:
      name: x-customer-id
      in: header
      required: true
      schema:
        type: string
        format: uuid
      description: >-
        The customer this request acts on. Must match the customer your key is
        locked to.
  schemas:
    WebhookUpdateRequest:
      type: object
      properties:
        url:
          type: string
          format: uri
        event_types:
          type: array
          items:
            type: string
            enum:
              - lead.created
        timeout_seconds:
          type: integer
          minimum: 1
          maximum: 60
        retry_attempts:
          type: integer
          minimum: 0
          maximum: 10
        description:
          type:
            - string
            - 'null'
        is_active:
          type: boolean
        rotate_secret:
          type: boolean
          description: When true, a fresh signing secret is minted and returned once.
    Webhook:
      type: object
      properties:
        id:
          type: string
        url:
          type: string
          format: uri
        event_types:
          type: array
          items:
            type: string
        is_active:
          type: boolean
        timeout_seconds:
          type: integer
        retry_attempts:
          type: integer
        description:
          type:
            - string
            - 'null'
        created_at:
          type: string
          format: date-time
        updated_at:
          type: string
          format: date-time
      required:
        - id
        - url
        - event_types
        - is_active
        - timeout_seconds
        - retry_attempts
        - created_at
        - updated_at
    Error:
      type: object
      properties:
        error:
          type: object
          properties:
            type:
              type: string
              enum:
                - authentication_error
                - authorization_error
                - invalid_request_error
                - not_found_error
                - rate_limit_error
                - api_error
            code:
              type: integer
            message:
              type: string
          required:
            - type
            - code
            - message
      required:
        - error
  responses:
    BadRequest:
      description: Invalid request.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Missing or invalid token / `x-customer-id`.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: Key lacks the required scope, or is locked to a different customer.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: Resource not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    RateLimited:
      description: Rate limit exceeded.
      headers:
        RateLimit-Limit:
          $ref: '#/components/headers/RateLimitLimit'
        RateLimit-Remaining:
          $ref: '#/components/headers/RateLimitRemaining'
        RateLimit-Reset:
          $ref: '#/components/headers/RateLimitReset'
        Retry-After:
          $ref: '#/components/headers/RetryAfter'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  headers:
    RateLimitLimit:
      description: Request quota for the reported window.
      schema:
        type: integer
    RateLimitRemaining:
      description: Requests remaining in the window.
      schema:
        type: integer
    RateLimitReset:
      description: Seconds until the window fully refills.
      schema:
        type: integer
    RetryAfter:
      description: Seconds to wait before retrying (on 429).
      schema:
        type: integer
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >-
        Admin-issued Personal Access Token, e.g. `Authorization: Bearer mega_<64
        hex>`. The key carries scopes (`public_api:leads:read`,
        `public_api:leads:write`, `public_api:webhooks:manage`) and is locked to
        one customer.

````