Skip to content
Start free in Cloud

Rotate site webhook signing secret REST API

POST
/api/sites/{id}/webhooks/{webhookID}/rotate
curl --request POST \
--url https://hitkeep.com/api/sites/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/webhooks/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/rotate \
--cookie hk_token=<hk_token>

Re-signs pending deliveries, replaces the configured secret, and returns the new value exactly once. A request already in flight may still use the previous secret.

id
required
string format: uuid
webhookID
required
string format: uuid

Webhook and new one-time secret

Media typeapplication/json
object
secret
required

One-time signing secret. It is returned only on creation or rotation.

string
webhook
required
object
created_at
required
string format: date-time
description
required
string
enabled
required
boolean
events
required
Array<string>
id
required
string format: uuid
name
required
string
scope
required
string
Allowed values: instance site
site_id
string | null format: uuid
updated_at
required
string format: date-time
url
required
string format: uri
Example
{
"webhook": {
"scope": "instance"
}
}