Skip to main content
POST
/
v1
/
webhook_endpoints
/
{id}
/
rotate_secret
Rotate the signing secret
curl --request POST \
  --url https://api.callingbox.io/v1/webhook_endpoints/{id}/rotate_secret \
  --header 'Authorization: Bearer <token>'
{
  "signing_secret": "whsec_1234567890abcdef1234567890abcdef",
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "org_id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "url": "<string>",
  "description": "<string>",
  "enabled_events": [
    "<string>"
  ],
  "disabled_reason": "<string>",
  "disabled_at": "2023-11-07T05:31:56Z",
  "consecutive_failures": 123,
  "created_at": "2023-11-07T05:31:56Z",
  "updated_at": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization
string
header
default:sk_live_your_api_key
required

API key starting with sk_

Path Parameters

id
string<uuid>
required

Response

200 - application/json

Endpoint with new secret

signing_secret
string
required

The HMAC-SHA256 signing secret. Returned only on create and rotate. CallingBox never shows it again.

Example:

"whsec_1234567890abcdef1234567890abcdef"

id
string<uuid>
org_id
string<uuid>
url
string
description
string | null
enabled_events
string[]
status
enum<string>
Available options:
enabled,
disabled
disabled_reason
string | null

Populated when CallingBox auto-disables the endpoint after 10 consecutive exhausted deliveries (too_many_failures) or when manually disabled.

disabled_at
string<date-time> | null
consecutive_failures
integer

Consecutive exhausted deliveries. Resets on success.

created_at
string<date-time>
updated_at
string<date-time>