Paytrie Developer Documentation
API ReferenceWebhook

Rotate the webhook signing secret

POST
/webhook-configurations/signing-secret/rotate

Generates a new HMAC-SHA256 signing secret used to sign webhook payloads. The previous secret is invalidated immediately. Update your verification logic before rotating.

Note: The signing secret is shared between v1 and v2 webhook delivery. Rotating here invalidates the secret used by both /webhooks (legacy) and /v2/webhook-configurations paths. If you have a v2 subscription configured and later delete it to roll back to v1, the rotated secret remains the active one — re-rotate via the v1 POST /webhook-signing-secret endpoint only if you need a fresh key.

Authorization

ApiKeyAuth
x-api-key<token>

API key for integrator authentication

In: header

Header Parameters

x-api-key*string

API key for authentication

Response Body

application/json

application/json

application/json

import { PaytrieAPI, configure } from '@paytrie/sdk'configure({ headers: { 'x-api-key': process.env.PAYTRIE_API_KEY! } })const { data } = await PaytrieAPI.rotateWebhookSigningSecret()
{  "success": true,  "data": {    "signingSecret": "whsec_abc123..."  }}
{  "success": false,  "errors": [    {      "field": "string",      "message": "string"    }  ]}
{  "success": false,  "errors": [    {      "field": "string",      "message": "string"    }  ]}