Get webhook secret rotation status

curl --request GET \
  --url https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status \
  --header 'Authorization: <api-key>'

{
  "has_secret": true,
  "secret_created_at": "2025-09-01T10:00:00Z",
  "last_rotated_at": "2025-10-16T12:00:00Z",
  "old_secret_expires_at": "2025-10-17T12:00:00Z",
  "old_secret_still_valid": true
}

GET

webhooks

secret-status

Get webhook secret rotation status

curl --request GET \
  --url https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status \
  --header 'Authorization: <api-key>'

{
  "has_secret": true,
  "secret_created_at": "2025-09-01T10:00:00Z",
  "last_rotated_at": "2025-10-16T12:00:00Z",
  "old_secret_expires_at": "2025-10-17T12:00:00Z",
  "old_secret_still_valid": true
}

Authorizations

Authorization

string

header

required

API key for authentication. Use your API key directly without any prefix (e.g., 'your-api-key'). Bearer prefix is optional but not required.

Response

Secret status retrieved successfully

has_secret

boolean

secret_created_at

string<date-time>

last_rotated_at

string<date-time> | null

old_secret_expires_at

string<date-time> | null

old_secret_still_valid

boolean

Test a webhook Rotate webhook signing secret

⌘I

Endpoints

Documentation Index

Authorizations

Response