Skip to main content
POST
/
webhook
/
signature
/
rotate
Rotate webhook signing secret
curl --request POST \
  --url 'https://partner-api.ochy-prod.com/webhook/signature/rotate?apiKey='
{
  "enabled": true,
  "algorithm": "HMAC-SHA256",
  "last4": "7Tq2",
  "created_at": "2026-03-23T10:45:00Z",
  "updated_at": "2026-03-23T11:15:00Z",
  "secret": "YOUR_NEW_SIGNING_SECRET"
}

Authorizations

apiKey
string
query
required

Your API key, passed as a query parameter on every request.

Response

New webhook signing secret generated.

Webhook signing configuration. The secret field is returned only when generated or rotated.

enabled
boolean

Whether Ochy signs webhook requests.

Example:

true

algorithm
enum<string>

Signature algorithm used for webhook requests.

Available options:
HMAC-SHA256
Example:

"HMAC-SHA256"

last4
string

Last four characters of the current signing secret, for identification.

Example:

"n6p8"

created_at
string<date-time>

When the current signing secret was created (ISO 8601 UTC).

Example:

"2026-03-23T10:45:00Z"

updated_at
string<date-time>

When the signature configuration was last updated (ISO 8601 UTC).

Example:

"2026-03-23T10:45:00Z"

secret
string

Full signing secret. Returned only when generated or rotated; store it securely.

Example:

"YOUR_GENERATED_SIGNING_SECRET"