> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getdialed.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Get a webhook

> Fetches one webhook config. Cross-tenant access returns 404, never 403.



## OpenAPI

````yaml /openapi.json get /webhooks/{webhook_id}
openapi: 3.1.0
info:
  title: GetDialed Flows API
  version: 0.1.0
servers:
  - url: https://api.getdialed.ai/flows
    description: Production
  - url: http://localhost:8000
    description: Local development
security: []
paths:
  /webhooks/{webhook_id}:
    get:
      tags:
        - webhooks
      summary: Get a webhook
      description: Fetches one webhook config. Cross-tenant access returns 404, never 403.
      operationId: get_webhook_webhooks__webhook_id__get
      parameters:
        - name: webhook_id
          in: path
          required: true
          schema:
            type: string
            title: Webhook Id
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WebhookConfigResponse'
        '401':
          description: Missing or invalid authentication
          content:
            application/json:
              example:
                detail: Authentication required
        '404':
          description: Not found — also returned on cross-tenant access (never 403)
          content:
            application/json:
              example:
                detail: Webhook not found
        '422':
          description: Validation error (see body for field details)
          content:
            application/json:
              example:
                detail: Validation error
      security:
        - APIKeyHeader: []
        - HTTPBearer: []
components:
  schemas:
    WebhookConfigResponse:
      properties:
        id:
          type: string
          title: Id
        definition_id:
          type: string
          title: Definition Id
        org_id:
          type: string
          title: Org Id
        description:
          type: string
          title: Description
        mode:
          type: string
          title: Mode
        provider:
          type: string
          title: Provider
        input_template:
          anyOf:
            - additionalProperties: true
              type: object
            - type: 'null'
          title: Input Template
        dispatch_retry:
          anyOf:
            - additionalProperties: true
              type: object
            - type: 'null'
          title: Dispatch Retry
        rate_limit:
          anyOf:
            - type: integer
            - type: 'null'
          title: Rate Limit
        enabled:
          type: boolean
          title: Enabled
        created_at:
          type: string
          format: date-time
          title: Created At
        updated_at:
          type: string
          format: date-time
          title: Updated At
      type: object
      required:
        - id
        - definition_id
        - org_id
        - description
        - mode
        - provider
        - input_template
        - dispatch_retry
        - rate_limit
        - enabled
        - created_at
        - updated_at
      title: WebhookConfigResponse
      description: |-
        GET response — NEVER carries the signing secret (T-41-05).

        Surfaces `rate_limit` + `dispatch_retry` so admins can read back the
        current policy.
      example:
        created_at: '2026-07-09T09:00:00Z'
        definition_id: def_a1b2c3d4
        description: Inbound Stripe payment webhook
        enabled: true
        id: wh_1a2b3c4d5e6f
        input_template:
          amount: '{{ payload.data.object.amount }}'
        mode: trigger
        org_id: org_e5f6g7h8
        provider: standard
        rate_limit: 1000
        updated_at: '2026-07-09T09:00:00Z'
  securitySchemes:
    APIKeyHeader:
      type: apiKey
      in: header
      name: X-API-Key
    HTTPBearer:
      type: http
      scheme: bearer
      bearerFormat: JWT

````