Get webhook secret rotation status

curl --request GET \
  --url https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status \
  --header 'Authorization: <api-key>'

{
  "created_at": "2025-09-01T10:00:00Z",
  "last_rotated_at": "2025-10-16T12:00:00Z",
  "grace_period_active": true,
  "grace_period_ends_at": "2025-10-23T12:00:00Z"
}

GET

webhooks

secret-status

Get webhook secret rotation status

curl --request GET \
  --url https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status \
  --header 'Authorization: <api-key>'

{
  "created_at": "2025-09-01T10:00:00Z",
  "last_rotated_at": "2025-10-16T12:00:00Z",
  "grace_period_active": true,
  "grace_period_ends_at": "2025-10-23T12:00:00Z"
}

Authorizations

Authorization

string

header

required

API key for authentication. Use your API key directly without any prefix (e.g., 'your-api-key'). Bearer prefix is optional but not required.

Response

Secret status retrieved successfully

created_at

string<date-time> | null

When the webhook secret was created

last_rotated_at

string<date-time> | null

When the webhook secret was last rotated

grace_period_active

boolean

Whether the old secret is still valid alongside the new one

grace_period_ends_at

string<date-time> | null

When the old secret grace period expires

Test a webhook Rotate webhook signing secret

⌘I

Endpoints

Authorizations

Response