Skip to main content
POST
/
webhooks
/
{id}
/
rotate-secret
Rotate the signing secret
curl --request POST \
  --url https://sandbox.api.reap.global/webhooks/{id}/rotate-secret \
  --header 'Authorization: Bearer <token>' \
  --header 'Reap-Version: <reap-version>' \
  --header 'idempotency-key: <idempotency-key>'
{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "name": "<string>",
  "url": "<string>",
  "status": "ACTIVE",
  "lastUsedAt": "2023-11-07T05:31:56Z",
  "createdAt": "2023-11-07T05:31:56Z",
  "updatedAt": "2023-11-07T05:31:56Z",
  "signingSecret": "<string>"
}

Authorizations

Authorization
string
header
required

API key as Bearer token

Headers

Reap-Version
enum<string>
required

API version (YYYY-MM-DD)

Available options:
2025-02-14
Example:

"2025-02-14"

Idempotency-Key
string

Unique key for safely retrying this request. Up to 255 characters; we recommend a UUIDv4. The first request executes and its response is cached; subsequent requests with the same key replay the cached response (24h retention).

Required string length: 1 - 255
idempotency-key
string
required

Unique key for safely retrying this request. Up to 255 characters; we recommend a UUIDv4. The first request executes and its response is cached; subsequent requests with the same key replay the cached response (24h retention).

Required string length: 1 - 255

Path Parameters

id
string<uuid>
required

Webhook ID

Response

Webhook with its newly minted signing secret. The previous secret is no longer accepted.

id
string<uuid>
required

Unique webhook identifier

name
string
required

Human-readable label

url
string
required

HTTPS endpoint that receives signed POSTs

status
enum<string>
required

Lifecycle status. Disabled webhooks receive no deliveries.

Available options:
ACTIVE,
DISABLED
Example:

"ACTIVE"

lastUsedAt
string<date-time> | null
required

Timestamp of the most recent successful delivery

Pattern: ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
createdAt
string<date-time>
required

ISO 8601 creation timestamp

Pattern: ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
updatedAt
string<date-time>
required

ISO 8601 last update timestamp

Pattern: ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$
signingSecret
string
required

HMAC signing secret. Returned exactly once. Store it securely - it cannot be retrieved again. The previous secret (if any) is invalidated immediately.