Rotate webhook signing secret | Verifa

Generates a new signing secret for the webhook endpoint. The previous secret is invalidated immediately. Store the new secret securely — it is only returned in this response.

Authentication

X-API-Keystring

Organization API key. Keys are prefixed with vk_live_ (production) or vk_sandbox_ (sandbox).

Path parameters

endpoint_idstringRequired

Response

Secret rotated. The new secret is included in the response.

created_atdatetime

enabledboolean

enabled_eventslist of strings

Event types this endpoint is subscribed to. Empty means all events.

environmentenum

Allowed values:

idstring

secretstring

HMAC signing secret for verifying webhook payloads. Only returned at creation and secret rotation — store it securely.

updated_atdatetime

urlstringformat: "uri"

api_versionstring or null

attribute_blocklistlist of strings

Attribute paths to exclude from webhook payloads.

descriptionstring or null

event_filter_conditionsmap from strings to any

Conditional filters applied before dispatching events to this endpoint.

key_inflectionenum

Allowed values:

labelstring or null

Errors

401

Unauthorized Error

404

Not Found Error

1	{
2	"created_at": "2024-01-15T09:30:00Z",
3	"enabled": true,
4	"enabled_events": [
5	"string"
6	],
7	"environment": "live",
8	"id": "wh_abc123",
9	"secret": "string",
10	"updated_at": "2024-01-15T09:30:00Z",
11	"url": "string",
12	"api_version": "string",
13	"attribute_blocklist": [
14	"string"
15	],
16	"description": "string",
17	"event_filter_conditions": {},
18	"key_inflection": "camel",
19	"label": "string"
20	}

1	curl -X POST https://devapi.withverifa.com/api/v1/webhooks/endpoints/wh_abc123/rotate-secret \
2	-H "X-API-Key: <apiKey>"

Authentication

Path parameters

Headers

Response

Errors