> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fortary.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Rotate webhook secret

<Info>
  **Pre-release** — contact your Fortary account team for access.
</Info>

<Warning>
  **Illustrative reference.** These examples show the shape of the API and are provided for early evaluation while it is still being finalized. Field names and response details may change before the API is released. A complete reference, generated directly from the live API, will replace these examples once it is available.
</Warning>

Generates a new signing secret. Requires the `webhook:manage` scope.

The new secret signs deliveries immediately; the previous secret remains valid for a **24-hour grace window**, during which the [signature header](/api/reference/webhooks/verifying-signatures) carries a `v1` entry for both secrets. Deploy the new secret to your handler within the window. A deleted webhook cannot be rotated.

## Request

```bash theme={null}
curl -X POST https://customer-api.fortary.io/v1/webhooks/whs_9b2f4e1a7c/rotate-secret \
  -H "Authorization: Bearer fort_..."
```

## Response

The webhook — fields as in [Get webhook](/api/reference/webhooks/get-webhook) — plus the new secret:

```json theme={null}
{
  "id": "whs_9b2f4e1a7c",
  "status": "ENABLED",
  "updatedAt": "2026-06-11T10:02:51Z",
  "secret": "whsec_xK7dR2..."
}
```

<Warning>
  **`secret` is returned exactly once.** Store it now; it cannot be retrieved later — only rotated again.
</Warning>

Errors follow the standard [error envelope](/api/concepts/errors).
