One thing we discovered that we cannot get confirmation from Box Support is that if you create a Webhook and revoke a Developer Token for the user that created the webhook, the same ones that expire in 60 minutes, the Webhooks in that app on the Dev Console get deleted.
Even coming back months later and creating then revoking the token will delete the webhook if its the same user that created the Webhook.
Even though it's a security concern I would recommend that you DO NOT REVOKE your developer tokens if you have previously created a Webhook using that same account.
Still waiting on Box Support and have heard nothing back on our ticket on if this is expected behavior or a bug in their API. If it was not a bug I would expect the documentation to have mentioned that somewhere open.