API Reference
Rotate Webhook Secret
POST /webhooks/:id/rotate — replace the signing secret for a webhook.
POST
/webhooks/:id/rotateRotates the signing secret for a webhook, invalidating the old secret immediately. Use this if your current secret has been compromised or as part of a regular credential rotation policy. The new plaintext secret is returned once in this response — store it securely before the request completes.
Path parameters
idstringrequiredThe webhook id.
import { MailBlastr } from 'mailblastr';
const mb = new MailBlastr('mb_xxxxxxxxx');
const { data, error } = await mb.webhooks.rotate('4dd369bc-aa82-4ff3-97de-514ae3000ee0');
console.log({ data, error });Response
{
"object": "webhook",
"id": "4dd369bc-aa82-4ff3-97de-514ae3000ee0",
"signing_secret": "whsec_xxxxxxxxxx"
}The new
signing_secret is only returned here, at rotation. The old secret stops working immediately. Store the new value securely — it cannot be retrieved again.