API Reference

Rotate Webhook Secret

POST /webhooks/:id/rotate — replace the signing secret for a webhook.

POST/webhooks/:id/rotate

Rotates the signing secret for a webhook, invalidating the old secret immediately. Use this if your current secret has been compromised or as part of a regular credential rotation policy. The new plaintext secret is returned once in this response — store it securely before the request completes.

Path parameters
idstringrequired

The webhook id.

import { MailBlastr } from 'mailblastr';

const mb = new MailBlastr('mb_xxxxxxxxx');

const { data, error } = await mb.webhooks.rotate('4dd369bc-aa82-4ff3-97de-514ae3000ee0');
console.log({ data, error });

Response

{
  "object": "webhook",
  "id": "4dd369bc-aa82-4ff3-97de-514ae3000ee0",
  "signing_secret": "whsec_xxxxxxxxxx"
}
The new signing_secret is only returned here, at rotation. The old secret stops working immediately. Store the new value securely — it cannot be retrieved again.