Rotate endpoint secret

curl --request POST \
  --url https://api.example.com/v1/webhooks/endpoints/{id}/rotate

{
  "secret": "whsec_f1e2d3c4-b5a6-7890-fedc-ba0987654321"
}

POST

webhooks

endpoints

{id}

rotate

Rotate endpoint secret

curl --request POST \
  --url https://api.example.com/v1/webhooks/endpoints/{id}/rotate

{
  "secret": "whsec_f1e2d3c4-b5a6-7890-fedc-ba0987654321"
}

Generates a new signing secret for a webhook endpoint. The old secret stops working immediately. The new secret is returned once — store it securely.

Rotating the secret invalidates the previous secret immediately. Update your webhook verification code with the new secret before processing further events.

Parameters

uuid

required

The ID of the webhook endpoint

Responses

{
  "secret": "whsec_f1e2d3c4-b5a6-7890-fedc-ba0987654321"
}

After rotating, update your webhook verification code with the new secret immediately. Any deliveries signed with the old secret will fail verification.

List webhook endpoints List deliveries

Attestations

Verification

Verification Packs

Issuers

API Keys

Governance

Identity & Access

Webhooks

Audit & Logs

Consumer (B2C)

System

Rotate endpoint secret

Parameters

Responses

Attestations

Verification

Verification Packs

Issuers

API Keys

Governance

Identity & Access

Webhooks

Audit & Logs

Consumer (B2C)

System

​Parameters

​Responses

Parameters

Responses