---
api: 'Business API'
---

# Rotate a webhook signing secret

Rotate a signing secret for a specific webhook.

For more information, see the guides: [About webhooks](/docs/guides/manage-accounts/webhooks/about-webhooks) and [Manage webhooks](/docs/guides/manage-accounts/webhooks/manage-webhooks#rotate-a-webhook-signing-secret).

## Endpoint

POST `/webhooks/{webhook_id}/rotate-signing-secret`

## Parameters

### path parameters

- `webhook_id` (string, required)
  The ID of the webhook for which to rotate the secret.

## Request body

Webhook signing secret rotation request

### Attributes

- `expiration_period` (string, optional)
    The expiration period for the signing secret in [ISO 8601 format](https://en.wikipedia.org/wiki/ISO_8601#Durations). If set, when you rotate the secret, it continues to be valid until the expiration period has passed. Otherwise, on rotation, the secret is invalidated immediately. The maximum value is 7 days.

## Returns

### 200

The details of the webhook for which you rotated the signing secret

#### Response attributes

- `id` (string)
    The ID of the webhook.
- `url` (string)
    The valid webhook URL that event notifications are sent to. The supported protocol is `https`.
- `events` (array of enum)
    The list of event types that you are subscribed to.
- `signing_secret` (string)
    The signing secret for the webhook.

## Error responses

| HTTP status code | Description |
| --- | --- |
| 400 | Bad Request  Returned, for example, for an incorrect expiration period provided. |
| 404 | Not Found |
| 422 | Unprocessable Entity |