The webhook secret
Your webhook secret is a unique token used to verify that incoming webhook events are genuinely from your CRM. Every Space has its own webhook secret.
Where to find it
Go to Space Settings → General. The webhook secret is displayed in the Webhook section alongside the Webhook URL.
How it works
When your CRM sends a webhook event to Greylytics, it must include the webhook secret in the request headers. Greylytics checks the secret on every incoming request. If it doesn't match, the request is rejected and no lead is created.
This prevents anyone who discovers your webhook URL from injecting fake leads into your Space.
Using it in GoHighLevel
When you configure the webhook in GoHighLevel, paste the secret into the Secret field on the webhook configuration page. GoHighLevel will automatically include it in the X-Webhook-Secret header on every request.
See Setting up the CRM webhook for the full setup guide.
Rotating your secret
If you believe your webhook secret has been exposed — for example, it was accidentally shared in a screenshot or committed to a public repository — you should rotate it immediately.
1. Open Space Settings → General
   Click Space Settings in the navigation and select the General tab.
2. Click Rotate Secret
   Click the Rotate Secret button next to the webhook secret. Confirm the rotation.
3. Update GoHighLevel with the new secret
   Copy the new secret and update it in your GoHighLevel webhook configuration. Until you do this, incoming webhooks will be rejected.
Danger
After rotating your secret, update it in GoHighLevel immediately. Any webhook events sent with the old secret will be rejected and those leads will not be suppressed.
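The check described under "How it works" and the effect of rotation described above, modelled as an added example; this is not Greylytics code. The `Space` class, the 401 status for rejected requests, and the sample lead are assumptions made for illustration; only the `X-Webhook-Secret` header name comes from this page.

```python
import hmac
import secrets

HEADER = "X-Webhook-Secret"  # header name from this page


class Space:
    """Hypothetical stand-in for one Space and its webhook secret."""

    def __init__(self):
        self.secret = secrets.token_urlsafe(32)
        self.leads = []

    def rotate_secret(self):
        # Rotation replaces the secret outright; the old value stops working at once.
        self.secret = secrets.token_urlsafe(32)
        return self.secret

    def handle_webhook(self, headers, lead):
        """Return an HTTP-style status: 200 if the lead was accepted, 401 if rejected."""
        # HTTP header names are case-insensitive, so normalise before lookup.
        supplied = {k.lower(): v for k, v in headers.items()}.get(HEADER.lower())
        if not supplied:
            return 401  # missing or empty header (401 is an assumed status)
        # Compare in constant time so response timing does not reveal
        # how much of a guessed secret was correct.
        if not hmac.compare_digest(supplied.encode(), self.secret.encode()):
            return 401
        self.leads.append(lead)
        return 200


def demo():
    space = Space()
    old = space.secret
    lead = {"email": "lead@example.com"}  # constructed sample payload
    results = {
        "valid": space.handle_webhook({HEADER: old}, lead),
        "lowercase_header": space.handle_webhook({"x-webhook-secret": old}, lead),
        "wrong": space.handle_webhook({HEADER: "guess"}, lead),
        "missing": space.handle_webhook({}, lead),
    }
    new = space.rotate_secret()
    results["old_after_rotation"] = space.handle_webhook({HEADER: old}, lead)
    results["new_after_rotation"] = space.handle_webhook({HEADER: new}, lead)
    results["leads_created"] = len(space.leads)
    return results


if __name__ == "__main__":
    print(demo())
```

Requests carrying the old secret fail from the moment of rotation, which is why the CRM side has to be updated in the same sitting.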