API Reference
Webhooks

Rotate the signing secret for a subscription

POST
/v1/webhooks/{id}/rotate-secret

Generates a fresh signing secret. The new cleartext is returned once; previous secret stops verifying immediately.

Authorization

bearerAuth
AuthorizationBearer <token>

Long-lived ES256 JWT minted from the dashboard (https://app.sautikit.com/developers/api-keys). Signed by the platform keyring. Carries workspace_id and scopes claims; revoked via the platform deny-list.

In: header

Path Parameters

id*string
Formatuuid

Header Parameters

Idempotency-Key?string

Optional client-supplied idempotency key. Accepted and logged; rotation is naturally idempotent at the DB level (each call mints a fresh secret).

Lengthlength <= 64

Response Body

application/json

application/json

curl -X POST "https://example.com/v1/webhooks/497f6eca-6276-4993-bfeb-53cbbbba6f08/rotate-secret"
{  "secret": "string"}
{  "error": {    "code": "validation.bad_request",    "message": "string",    "request_id": "string"  }}