Get a subscription
Retrieves a single subscription by its ID. Read endpoints never return the signing secret - use signing_enabled to tell whether signing is on.
Authorizations
API key passed as a Bearer token in the Authorization header: Authorization: Bearer <YOUR_API_KEY>.
Path Parameters
The subscription ID.
Response
OK (no secret).
Subscription ID. Required for GET / PUT / DELETE.
"6a27a76692d9e3a8ffd7e62d"
Owning organization (resolved from your API key).
"ddd6f1d8-b232-497e-bf1e-ea7317622d17"
Resolved delivery scope.
ORGANIZATION, WORKSPACE, AGENT "ORGANIZATION"
User that created the subscription.
"google-oauth2|101090478854418701727"
"Payment Events Webhook"
"https://api.example.com/webhooks/payments"
[]
true
Custom HTTP headers forwarded with each delivery; omitted when unset.
{
"X-Custom-Header": "custom-value",
"Authorization": "Bearer your-api-token-here"
}
Free-text description; omitted when unset.
"Receives payment events with custom authentication"
Agent scope; omitted when unset.
Workspace scope; omitted when unset.
Per-attempt delivery timeout in ms (default 1000).
1000
Delivery retry configuration.
Whether the subscription has a signing secret. Always present.
true
HMAC signing secret, prefixed whsec_. Present only at issuance when signing is enabled. Never returned by read endpoints.
"whsec_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
"2026-06-09T10:15:00.000Z"
"2026-06-09T10:15:00.000Z"

