Rotate webhook signing secret

curl --request POST \
  --url http://localhost:8000/v1/webhooks/{webhook_config_id}/rotate \
  --header 'Authorization: Bearer <token>'

{
  "webhook_config_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "signing_secret": "<string>",
  "rotated_at": "2023-11-07T05:31:56Z"
}

POST

webhooks

{webhook_config_id}

rotate

Rotate webhook signing secret

curl --request POST \
  --url http://localhost:8000/v1/webhooks/{webhook_config_id}/rotate \
  --header 'Authorization: Bearer <token>'

{
  "webhook_config_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "signing_secret": "<string>",
  "rotated_at": "2023-11-07T05:31:56Z"
}

Authorization

string

header

required

API Key authentication. Format: dk_test_ or dk_live_

webhook_config_id

string<uuid>

required

Webhook configuration ID

New signing secret (shown only once)

Response for rotating a webhook signing secret.

WARNING: The old signing secret is immediately invalidated. Update your webhook receiver before verifying signatures.

webhook_config_id

string<uuid>

required

Unique webhook configuration identifier

signing_secret

string

required

New webhook signing secret for HMAC verification (SHOWN ONLY IN THIS RESPONSE)

rotated_at

string<date-time>

required

Timestamp when the secret was rotated (ISO 8601)

⌘I