Rotate a webhook signing secret
webhooks
Rotate a webhook signing secret
Rotates the HMAC signing secret. The previous secret stays valid for a 24-hour overlap window so in-flight requests signed with the old secret still verify — update your sender within 24h. The new signing_secret is returned exactly once. Cross-tenant access returns 404.
POST
Rotate a webhook signing secret
Authorizations
Path Parameters
Response
Successful Response
POST response — the ONLY place the signing secret + receive URL appear.
Show-once at create (and on explicit rotate); the read model omits both.