Rotate the signing secret

Mint a fresh whsec_… signing secret and retire the previous one over a 24-hour grace window. During the grace window the platform signs each delivery with both secrets, so verifiers can be rolled forward without dropping deliveries.

Authentication: Supports API key and bearer token authentication.

Authentication

AuthorizationBearer

Bearer authentication of the form Bearer <token>, where token is your auth token.

Path parameters

endpoint_idstringRequiredformat: "uuid"

Headers

X-Organization-IDstring or nullOptional

Response

Successful Response
idstringformat: "^ep_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
organization_idstringformat: "^org_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
urlstring
descriptionstring or null
event_typeslist of strings
headersmap from strings to strings or null
statusenum

Endpoint lifecycle state.

DISABLED is reserved for automatic disable by the auto-disable job; PAUSED is explicitly paused and indicates intent to resume.

disabled_reasonstring or null
created_atdatetime
updated_atdatetime
signing_secretstring

whsec_<base64> — store this; it is not retrievable later.

Errors

401
Unauthorized Error
403
Forbidden Error
404
Not Found Error
422
Unprocessable Entity Error
429
Too Many Requests Error