Skip to main content
POST
/
webhooks
/
secret
/
regenerate
Regenerate Webhook Secret
curl --request POST \
  --url https://api.fyatu.com/api/v3/webhooks/secret/regenerate \
  --header 'Authorization: Bearer <token>'
{
  "success": true,
  "status": 200,
  "message": "Webhook secret regenerated successfully",
  "data": {
    "webhookSecret": "whsec_x1y2z3a4b5c6d7e8f9g0h1i2j3k4l5m6",
    "regeneratedAt": "2026-01-15T10:30:00+00:00",
    "note": "Store this secret securely. It will not be shown again. Update your webhook handler with this new secret."
  },
  "meta": {
    "requestId": "req_abc123xyz789",
    "timestamp": "2026-01-15T10:30:00+00:00"
  }
}

Documentation Index

Fetch the complete documentation index at: https://docs.fyatu.com/llms.txt

Use this file to discover all available pages before exploring further.

Regenerate Webhook Secret

Generate a new webhook secret for signing webhook payloads. This immediately invalidates your previous secret.
After regenerating your secret, you must update your webhook handler with the new secret. Any webhooks sent after regeneration will be signed with the new secret, and verification using the old secret will fail.

Request

curl -X POST https://api.fyatu.com/api/v3/webhooks/secret/regenerate \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
No request body is required.

Response

success
boolean
Whether the request was successful
data
object
{
  "success": true,
  "status": 200,
  "message": "Webhook secret regenerated successfully",
  "data": {
    "webhookSecret": "whsec_x1y2z3a4b5c6d7e8f9g0h1i2j3k4l5m6",
    "regeneratedAt": "2026-01-15T10:30:00+00:00",
    "note": "Store this secret securely. It will not be shown again. Update your webhook handler with this new secret."
  },
  "meta": {
    "requestId": "req_abc123xyz789",
    "timestamp": "2026-01-15T10:30:00+00:00"
  }
}

When to Regenerate

You should regenerate your webhook secret if:
  • Your secret was accidentally exposed
  • An employee with access to the secret has left your organization
  • You want to rotate secrets as a security best practice
  • You suspect unauthorized access to your webhooks

After Regenerating

  1. Copy the new secret from the response immediately
  2. Update your webhook handler with the new secret
  3. Test webhook delivery using the Test Webhook endpoint
  4. Monitor your logs to ensure webhooks are being verified correctly
The old secret is invalidated immediately. There is no grace period. Make sure you’re ready to update your handler before regenerating.

Authorizations

Authorization
string
header
required

JWT access token obtained from /auth/token

Response

Webhook secret regenerated successfully

success
boolean
Example:

true

status
integer
Example:

200

message
string
data
object
meta
object