Skip to main content
POST
/
api
/
v1
/
webhooks
/
{id}
/
rotate-secret
Rotate the signing secret
curl --request POST \
  --url https://app.autousers.ai/api/v1/webhooks/{id}/rotate-secret \
  --header 'Authorization: Bearer <token>'
{
  "id": "<string>",
  "url": "<string>",
  "secret": "<string>",
  "secret_prefix": "<string>",
  "description": "<string>",
  "enabled_events": [
    "<string>"
  ],
  "status": "enabled",
  "api_version": "<string>",
  "created_at": "2023-11-07T05:31:56Z",
  "updated_at": "2023-11-07T05:31:56Z"
}

Documentation Index

Fetch the complete documentation index at: https://docs.autousers.ai/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Headers

Idempotency-Key
string

Client-generated idempotency key (≤255 chars). Replays the cached response when the same (team, key) pair sees an identical request body within 24h; returns 409 idempotency_key_reused if the body differs. Recommended for every billable POST.

Maximum string length: 255
Autousers-Version
string

Date-pinned API version (e.g. 2026-05-04). Omit to receive the latest stable version. Behaves like Stripe's Stripe-Version — pinning a version freezes payload shapes against breaking changes during the 12-month sunset window.

Path Parameters

id
string
required

cuid of the resource

Response

Secret rotated — new plaintext secret returned ONCE

id
string
required
url
string<uri>
required
secret
string
required

Plaintext signing secret (whsec_*). Returned ONCE on create / rotate-secret and never again — persist immediately or call rotate-secret to mint a new one.

secret_prefix
string
required
description
string | null
enabled_events
string[]
status
enum<string>
Available options:
enabled,
disabled
api_version
string | null
created_at
string<date-time>
updated_at
string<date-time>
{key}
any