Rotate webhook signing secret

curl --request POST \
  --url https://api.firma.dev/functions/v1/signing-request-api/webhooks/rotate-secret \
  --header 'Authorization: <api-key>'

{
  "message": "Webhook secret rotated successfully",
  "new_secret": "whsec_new123...",
  "old_secret_expires_at": "2025-10-23T12:00:00Z",
  "rotated_at": "2025-10-16T12:00:00Z"
}

POST

webhooks

rotate-secret

Rotate webhook signing secret

curl --request POST \
  --url https://api.firma.dev/functions/v1/signing-request-api/webhooks/rotate-secret \
  --header 'Authorization: <api-key>'

{
  "message": "Webhook secret rotated successfully",
  "new_secret": "whsec_new123...",
  "old_secret_expires_at": "2025-10-23T12:00:00Z",
  "rotated_at": "2025-10-16T12:00:00Z"
}

Authorizations

Authorization

string

header

required

API key for authentication. Use your API key directly without any prefix (e.g., 'your-api-key'). Bearer prefix is optional but not required.

Response

Secret rotated successfully

message

string

new_secret

string

old_secret_expires_at

string<date-time>

rotated_at

string<date-time>

Get webhook secret rotation status Generate JWT token for embedding templates

⌘I