> ## Documentation Index
> Fetch the complete documentation index at: https://docs.messagedesk.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Developer Tools

> Configure your MessageDesk webhook endpoint and signing secret in Developer Tools. Required before using the Send Webhook relay action.

# Developer Tools

The **Developer Tools** page is where you configure the workspace-level webhook endpoint and signing secret MessageDesk uses to push events to your systems.

<Note>
  **Required for the Send Webhook relay action.** This configuration must exist before the [Send Webhook](/relays/webhooks) action will deliver events from your Relays.
</Note>

***

## Open Developer Tools

Go to **Account → Settings → Workspace Settings → Developer Tools**.

***

## Add a webhook endpoint URL

1. Click **Add endpoint** (or edit your existing endpoint).
2. Enter the **URL** that MessageDesk should POST events to. It must:
   * Use **HTTPS**.
   * Be reachable from the public internet.
   * Respond with a **2xx** status code on success.
3. Click **Save**.

Configure your endpoint here once and reference it from any number of Relays that use the **Send Webhook** action.

***

## Generate and rotate your signing secret

MessageDesk signs every outbound webhook with a **signing secret** so your receiver can verify the request really came from MessageDesk.

* **Generate.** Click **Generate signing secret** the first time you set up Developer Tools.
* **View / copy.** Copy the secret into your receiver's configuration. Store it somewhere safe.
* **Rotate.** Click **Rotate signing secret** to generate a new value. Update your receiver immediately. Webhooks signed with the previous secret will fail validation after rotation.

<Warning>
  Treat the signing secret like a password. Anyone with it can forge webhook requests that look like they came from MessageDesk.
</Warning>

For the full webhook payload format, headers, signature validation algorithm, and retry behavior, see [Relays → Send Webhook](/relays/webhooks).

***

## Who can use Developer Tools

The **Developer** feature permission gates Developer Tools, API key management, and [Zapier](/integrations/zapier) authentication.

| Role         | Developer access     |
| ------------ | -------------------- |
| **Admin**    | Owner (full)         |
| **Manager**  | No Access by default |
| **Operator** | No Access by default |

To let Managers, Operators, or custom roles manage webhooks, API keys, or build Zapier workflows under their own account, an admin must grant **Editor** or **Owner** on the **Developer** feature via a custom role. **Viewers** can read Developer Tools but can't create Zapier workflows under their own auth.

See [Team Management → Roles & Permissions](/settings/workspace-settings/team-management) to customize roles.

***

## See also

* [Relays → Send Webhook](/relays/webhooks). Payload, signature validation, and retry behavior.
* [Relays overview](/relays/overview).