Skip to main content
POST
/
v1
/
public
/
webhook
/
subscription
/
{id}
/
rotate
/
secret
Rotate the signing secret
curl --request POST \
  --url https://api.example.com/v1/public/webhook/subscription/{id}/rotate/secret \
  --header 'Authorization: Bearer <token>'
{
  "secret": "whsec_NEWxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "previous_secret_expires_at": "2026-06-12T10:15:00.000Z"
}

Authorizations

Authorization
string
header
required

API key passed as a Bearer token in the Authorization header: Authorization: Bearer <YOUR_API_KEY>.

Path Parameters

id
string
required

The subscription ID whose secret to rotate.

Response

OK. Returns only the two rotation fields.

Returns only the two rotation fields - not the full subscription object.

secret
string

The new signing secret (whsec_...), returned once.

Example:

"whsec_NEWxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

previous_secret_expires_at
string<date-time>

When the previous secret stops being accepted (rotation time + 72h).

Example:

"2026-06-12T10:15:00.000Z"