Regenerate Webhook Secret

curl --request POST \
  --url https://api.fyatu.com/api/v3/webhooks/secret/regenerate \
  --header 'Authorization: Bearer <token>'

{
  "success": true,
  "status": 200,
  "message": "Webhook secret regenerated successfully",
  "data": {
    "webhookSecret": "whsec_x1y2z3a4b5c6d7e8f9g0h1i2j3k4l5m6",
    "regeneratedAt": "2026-01-15T10:30:00+00:00",
    "note": "Store this secret securely. It will not be shown again. Update your webhook handler with this new secret."
  },
  "meta": {
    "requestId": "req_abc123xyz789",
    "timestamp": "2026-01-15T10:30:00+00:00"
  }
}

POST

webhooks

secret

regenerate

Regenerate Webhook Secret

curl --request POST \
  --url https://api.fyatu.com/api/v3/webhooks/secret/regenerate \
  --header 'Authorization: Bearer <token>'

{
  "success": true,
  "status": 200,
  "message": "Webhook secret regenerated successfully",
  "data": {
    "webhookSecret": "whsec_x1y2z3a4b5c6d7e8f9g0h1i2j3k4l5m6",
    "regeneratedAt": "2026-01-15T10:30:00+00:00",
    "note": "Store this secret securely. It will not be shown again. Update your webhook handler with this new secret."
  },
  "meta": {
    "requestId": "req_abc123xyz789",
    "timestamp": "2026-01-15T10:30:00+00:00"
  }
}

Regenerate Webhook Secret

Generate a new webhook secret for signing webhook payloads. This immediately invalidates your previous secret.

After regenerating your secret, you must update your webhook handler with the new secret. Any webhooks sent after regeneration will be signed with the new secret, and verification using the old secret will fail.

Request

curl -X POST https://api.fyatu.com/api/v3/webhooks/secret/regenerate \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

No request body is required.

Response

success

boolean

Whether the request was successful

data

object

Show properties

webhookSecret

string

Your new webhook secret. Store this securely!

regeneratedAt

string

ISO 8601 timestamp of when the secret was regenerated

note

string

A reminder about updating your webhook handler

{
  "success": true,
  "status": 200,
  "message": "Webhook secret regenerated successfully",
  "data": {
    "webhookSecret": "whsec_x1y2z3a4b5c6d7e8f9g0h1i2j3k4l5m6",
    "regeneratedAt": "2026-01-15T10:30:00+00:00",
    "note": "Store this secret securely. It will not be shown again. Update your webhook handler with this new secret."
  },
  "meta": {
    "requestId": "req_abc123xyz789",
    "timestamp": "2026-01-15T10:30:00+00:00"
  }
}

When to Regenerate

You should regenerate your webhook secret if:

Your secret was accidentally exposed
An employee with access to the secret has left your organization
You want to rotate secrets as a security best practice
You suspect unauthorized access to your webhooks

After Regenerating

Copy the new secret from the response immediately
Update your webhook handler with the new secret
Test webhook delivery using the Test Webhook endpoint
Monitor your logs to ensure webhooks are being verified correctly

The old secret is invalidated immediately. There is no grace period. Make sure you’re ready to update your handler before regenerating.

Authorizations

Authorization

string

header

required

JWT access token obtained from /auth/token

Response

Webhook secret regenerated successfully

success

boolean

Example:

true

status

integer

Example:

200

message

string

data

object

Show child attributes

​Regenerate Webhook Secret

​Request

​Response

​When to Regenerate

​After Regenerating

Authorizations

Response

Regenerate Webhook Secret

Request

Response

When to Regenerate

After Regenerating