Rotate Webhook Signing Secret

Rotate the HMAC-SHA256 signing secret for a webhook endpoint.

POST /api/v1/businesses/:businessId/webhook-endpoints/:endpointId/rotate-endpoint-secret Generates a new signing secret for the endpoint. The old secret is immediately invalidated. Use this for key rotation or if a secret has been compromised.

Warning: The new signing secret is shown only once. Store it securely before confirming the rotation.

Parameters

Path

Name	Type	Required	Description
`businessId`	`string`	Yes	The business ID
`endpointId`	`string`	Yes	The endpoint ID

Request example

curl --request POST 'https://payments.bleepay.com/api/v1/businesses/biz_abc/webhook-endpoints/wh_abc123/rotate-endpoint-secret' \
  --header 'Authorization: Bearer <business_token>' \
  --header 'Content-Type: application/json' \
  --data '{}'

Response

Response schema

Field	Type	Description
`id`	`string`	Endpoint identifier
`signingSecret`	`string`	New signing secret — shown only once

Example response

{
  "id": "wh_abc123",
  "signingSecret": "whsec_newsecret123..."
}

Update Webhook Endpoint

Enable Webhook Endpoint

​Parameters

​Path

​Request example

​Response

​Response schema

​Example response