Skip to main content
POST
Rotate webhook signing secret

Authorizations

Authorization
string
header
required

API key for authentication. Use your API key directly without any prefix (e.g., 'your-api-key'). Bearer prefix is optional but not required.

Response

Secret rotated successfully

message
string
new_secret
string

The new webhook signing secret (64 character hex string)

grace_period_hours
integer

Hours the old secret remains valid alongside the new one

warning
string

Reminder to update webhook signature verification