Rotate webhook signing secret
Generates a new signing secret for the specified webhook configuration.
curl -X PATCH "https://api.example.com/api/v1/applications/example_string/webhooks/example_string/secret" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_TOKEN (JWT)"
import requests
import json
url = "https://api.example.com/api/v1/applications/example_string/webhooks/example_string/secret"
headers = {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (JWT)"
}
response = requests.patch(url, headers=headers)
print(response.json())
const response = await fetch("https://api.example.com/api/v1/applications/example_string/webhooks/example_string/secret", {
method: "PATCH",
headers: {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (JWT)"
}
});
const data = await response.json();
console.log(data);
package main
import (
"fmt"
"net/http"
)
func main() {
req, err := http.NewRequest("PATCH", "https://api.example.com/api/v1/applications/example_string/webhooks/example_string/secret", nil)
if err != nil {
panic(err)
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer YOUR_API_TOKEN (JWT)")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println("Response Status:", resp.Status)
}
require 'net/http'
require 'json'
uri = URI('https://api.example.com/api/v1/applications/example_string/webhooks/example_string/secret')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Patch.new(uri)
request['Content-Type'] = 'application/json'
request['Authorization'] = 'Bearer YOUR_API_TOKEN (JWT)'
response = http.request(request)
puts response.body
{
"keyFingerprint": "whsec_****b7d1",
"signingSecret": "whsec_new_full_secret_value"
}
{
"error": "Unauthorized",
"message": "Authentication required. Please provide a valid API token",
"code": 401
}
{
"error": "Forbidden",
"message": "You don't have permission to access this resource",
"code": 403
}
{
"error": "Not Found",
"message": "The requested resource was not found",
"code": 404
}
{
"error": "Error",
"message": "Service temporarily unavailable.",
"code": 502
}
{
"error": "Error",
"message": "Request timed out.",
"code": 504
}
PATCH
/api/v1/applications/{applicationId}/webhooks/{webhookId}/secretPATCH
Base URLstring
Target server for requests. Edit to use your own host.
Bearer Token (JWT)
Bearer Tokenstring
RequiredBearer token (JWT) - just enter the token, "Bearer" prefix will be added automatically
path
applicationIdstring
RequiredID of the application that owns the webhook.
path
webhookIdstring
RequiredID of the webhook configuration to rotate.
Request Preview
Response
Response will appear here after sending the request
Authentication
header
Authorizationstring
RequiredBearer token (JWT). Authentication token required.
Path Parameters
applicationIdstring
RequiredID of the application that owns the webhook.
webhookIdstring
RequiredID of the webhook configuration to rotate.
Responses
keyFingerprintstring
RequiredFingerprint of the newly generated signing key. Safe to display and store.
signingSecretstring
RequiredNewly generated signing secret. Shown only once on rotation; the merchant must persist it immediately.
Was this page helpful?