Rotate a webhook signing secret
Rotate the signing secret for a specific webhook.
For more information, see Tutorials: Verify the payload signature.
Request
The ID of the webhook.
Example: "Bearer sk_1234567890ABCdefGHIjklMNOpqrSTUvwxYZ_1234567890-Ab_cdeFGHijkLMNopq"
This parameter accepts the Merchant API Secret key to authorise requests coming from the merchant's backend.
It ensures that ensures that each request is authenticated and authorised by verifying the secret key. The secret key should be included in all request headers as a Bearer token.
For more information, see: Authentication
Possible values: <= P7D
Example: "PT5H30M"
The expiration period of the signing secret in the ISO 8601 format.
If defined, when the signing secret is rotated, it continues to be valid until the expiration period passes.
Otherwise, it is invalidated immediately.
Maximum expiration period is 7 days.
Response
OK
The ID of the webhook.
Possible length: <= 2000 characters
Your webhook's URL to which event notifications will be sent.
Must be a valid HTTP or HTTPS URL, capable of receiving POST requests.
Restrictions:
- Max length of
urlstring:2000 - Only valid
http://orhttps://domains are accepted - Domain cannot be
localhostor IP address
Possible values: [ORDER_COMPLETED, ORDER_AUTHORISED, ORDER_CANCELLED, ORDER_PAYMENT_AUTHENTICATED, ORDER_PAYMENT_DECLINED, ORDER_PAYMENT_FAILED, PAYOUT_INITIATED, PAYOUT_COMPLETED, PAYOUT_FAILED, DISPUTE_ACTION_REQUIRED, DISPUTE_UNDER_REVIEW, DISPUTE_WON, DISPUTE_LOST]
Possible number of items: non-empty
List of event types that the webhook is configured to listen to.
Each event is related to status changes of a specific object in the Merchant API:
| Object | Event types |
|---|---|
Order |
|
Payment |
|
Payout |
|
Dispute |
|
The signing secret for the webhook. Use it to verify the signature for the webhook request's payload.