Configure endpoints safely
Create endpoints, rotate secrets, send test deliveries, replay failures, and change subscriptions in the signed-in SEC API dashboard. These are human-authenticated organization actions. API keys deliberately cannot mutate them. Save the signing secret when the dashboard shows it. Verify every incoming request against the exact raw body andx-secapi-signature before parsing JSON. Never log the secret or the unverified payload as trusted data.
Inspect delivery history
Open the signed-in SEC API dashboard to inspect delivery history and the current public event catalog. Use the response status, attempt count, timestamps, event type, and request ID to debug a destination. Webhook endpoint inspection belongs to the same human-authenticated organization boundary as endpoint configuration. Preserve the identifiers you need for an investigation, then return to the dashboard rather than attempting a control-plane call with an API key.Monitor events
monitor.match is the event emitted when a saved filing monitor finds new matches. Monitor dispatch is scheduled, so a webhook is a prompt to inspect source-backed filing data, not a claim of instant EDGAR delivery.

