Get webhook secret rotation status
curl --request GET \
--url https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status \
--header 'Authorization: <api-key>'import requests
url = "https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status"
headers = {"Authorization": "<api-key>"}
response = requests.get(url, headers=headers)
print(response.text)const options = {method: 'GET', headers: {Authorization: '<api-key>'}};
fetch('https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: <api-key>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", "<api-key>")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status")
.header("Authorization", "<api-key>")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = '<api-key>'
response = http.request(request)
puts response.read_body{
"created_at": "2025-09-01T10:00:00Z",
"last_rotated_at": "2025-10-16T12:00:00Z",
"grace_period_active": true,
"grace_period_ends_at": "2025-10-23T12:00:00Z"
}{
"error": "Unauthorized",
"message": "Invalid API key"
}{
"error": "<string>",
"message": "<string>",
"details": {}
}{
"error": "Rate Limit Exceeded",
"message": "Too many requests. Please wait before retrying.",
"details": {
"retry_after": 45
}
}Webhooks
Get webhook secret rotation status
Returns information about the current webhook secret including rotation status and expiry of old secret if applicable.
GET
/
webhooks
/
secret-status
Get webhook secret rotation status
curl --request GET \
--url https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status \
--header 'Authorization: <api-key>'import requests
url = "https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status"
headers = {"Authorization": "<api-key>"}
response = requests.get(url, headers=headers)
print(response.text)const options = {method: 'GET', headers: {Authorization: '<api-key>'}};
fetch('https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: <api-key>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", "<api-key>")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status")
.header("Authorization", "<api-key>")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.firma.dev/functions/v1/signing-request-api/webhooks/secret-status")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = '<api-key>'
response = http.request(request)
puts response.read_body{
"created_at": "2025-09-01T10:00:00Z",
"last_rotated_at": "2025-10-16T12:00:00Z",
"grace_period_active": true,
"grace_period_ends_at": "2025-10-23T12:00:00Z"
}{
"error": "Unauthorized",
"message": "Invalid API key"
}{
"error": "<string>",
"message": "<string>",
"details": {}
}{
"error": "Rate Limit Exceeded",
"message": "Too many requests. Please wait before retrying.",
"details": {
"retry_after": 45
}
}Authorizations
API key for authentication. Use your API key directly without any prefix (e.g., 'your-api-key'). Bearer prefix is optional but not required.
Response
Secret status retrieved successfully
When the webhook secret was created
When the webhook secret was last rotated
Whether the old secret is still valid alongside the new one
When the old secret grace period expires
Was this page helpful?
⌘I