Rotate the signing secret

POST /openapi/v1/webhooks/:webhookId/rotate

Generate a fresh HMAC signing secret and return it ONCE. Save the returned value — there is no API to recover it. Customers should accept both the old and new secret for at least a 24-hour overlap window when rolling their verification code (overlap-window enforcement is added with the delivery layer).

Rotate the signing secret

/openapi/v1/webhooks/:webhookId/rotate

Request

Responses

Rotate the signing secret

/openapi/v1/webhooks/:webhookId/rotate

Request​

Responses​

Request

Responses