RevKeenDocs

Rotate signing secret

Generate a new signing secret for a webhook endpoint. The old secret is immediately invalidated. Store the new secret securely — it is only returned in this response.

Related endpoints

  • GET /webhook-endpoints — List webhook endpoints
  • POST /webhook-endpoints — Create webhook endpoint
  • GET /webhook-endpoints/{id} — Get webhook endpoint
  • PATCH /webhook-endpoints/{id} — Update webhook endpoint
  • DELETE /webhook-endpoints/{id} — Delete webhook endpoint

Common errors

  • 401 unauthenticated — missing, malformed, or revoked API key.
  • 404 resource_missing — the referenced resource does not exist or is not visible to your key.

Idempotency

Pass an Idempotency-Key header (UUID v4 recommended) to make retries safe. Keys are valid for 24 hours; see the idempotency guide.

POST
/webhook-endpoints/{id}/rotate-secret

Authorization

x-api-key<token>

Your RevKeen API key (powered by Unkey). Get it from Dashboard > Settings > API Keys. Use rk_sandbox_* for test mode and rk_live_* for production.

In: header

Path Parameters

id*string

Webhook endpoint ID

Formatuuid

Response Body

application/json

curl -X POST "https://api.revkeen.com/v2/webhook-endpoints/00000000-0000-0000-0000-000000000000/rotate-secret" \  -H "x-api-key: $REVKEEN_API_KEY"
{
  "data": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "url": "https://api.example.com/webhooks/revkeen",
    "description": "Production webhook endpoint",
    "enabled_events": [
      "invoice.paid",
      "payment.succeeded"
    ],
    "status": "enabled",
    "secret": "whsec_0123456789abcdef",
    "circuit_breaker_state": "closed",
    "total_deliveries": 12,
    "successful_deliveries": 10,
    "failed_deliveries": 2,
    "last_delivery_at": "2026-04-02T10:00:00.000Z",
    "created_at": "2026-04-02T10:00:00.000Z",
    "updated_at": "2026-04-02T10:00:00.000Z"
  }
}
Empty
Empty
Edit on GitHub

Delete webhook endpoint

Previous Page

List webhook deliveries

Next Page