Skip to main content
POST
/
webhooks
/
secret
/
regenerate
Regenerate Webhook Secret
curl --request POST \
  --url https://api.fyatu.com/api/v3.20/webhooks/secret/regenerate \
  --header 'Authorization: Bearer <token>'
{
  "success": true,
  "status": 200,
  "message": "Webhook secret regenerated",
  "data": {
    "webhookSecret": "whsec_new_secret_value_here"
  },
  "meta": {
    "requestId": "req_abc123",
    "timestamp": "2026-04-30T10:30:00+00:00"
  }
}

Documentation Index

Fetch the complete documentation index at: https://docs.fyatu.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Generate a new webhook signing secret. The previous secret is immediately invalidated — webhooks will be signed with the new secret from this point forward.

When to Use

  • Your current webhookSecret has been compromised or exposed
  • Rotating secrets as part of your security policy
  • You’ve lost the secret and need a new one

Response Fields

FieldTypeDescription
webhookSecretstringNew signing secret — store immediately, shown only once
secretNotestringReminder that the secret is shown only once

Migration Strategy

To avoid dropping webhooks during rotation:
1

Regenerate Secret

Call this endpoint to get a new secret
2

Update Your Server

Deploy the new secret to your webhook handler
3

Verify

Send a test webhook with POST /webhooks/test to confirm the new secret validates correctly
The new webhookSecret is shown only once in the response. Store it immediately. The old secret stops working as soon as this endpoint is called.

Authorizations

Authorization
string
header
required

JWT access token obtained from POST /auth/token

Response

200 - application/json

Secret regenerated