Roll webhook secret
Generate a new signing secret for the webhook. You can set a transition period (up to 24 hours) during which both old and new secrets are valid, allowing you to update your verification logic without downtime.
Authorizations
API key authentication. Pass your API key as a Bearer token in the Authorization header.
Path Parameters
Webhook identifier
^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$"fb5e5168-4281-4bec-94c5-0d1584e9e657"
Body
Number of hours before the old secret expires. Set to 0 to expire immediately. Maximum 24 hours. During the transition period, both old and new secrets are valid for signature verification.
0 <= x <= 246
Response
Default Response
Unique identifier for the webhook
^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$"fb5e5168-4281-4bec-94c5-0d1584e9e657"
Identifier of the company that owns this webhook
^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$"fb5e5168-4281-4bec-94c5-0d1584e9e657"
Whether the webhook is currently active and receiving events
true
List of event types this webhook subscribes to. APP_CREATE - application created. APP_UPDATE - application updated. APP_DELETE - application deleted. APP_DEPLOY - application deployed. DATABASE_CREATE - database created. DATABASE_UPDATE - database updated. DATABASE_DELETE - database deleted. STATIC_SITE_CREATE - static site created. STATIC_SITE_UPDATE - static site updated. STATIC_SITE_DELETE - static site deleted. STATIC_SITE_DEPLOY - static site deployed.
APP_CREATE, APP_UPDATE, APP_DELETE, APP_DEPLOY, DATABASE_CREATE, DATABASE_UPDATE, DATABASE_DELETE, STATIC_SITE_CREATE, STATIC_SITE_UPDATE, STATIC_SITE_DELETE, STATIC_SITE_DEPLOY ["APP_DEPLOY", "APP_CREATE"]Webhook signing secret used to verify event payloads. Prefixed with whsec_.
"whsec_abc123..."
Previous signing secret, available temporarily after rolling the secret to allow graceful migration
null
Timestamp when the old secret expires, in ISO 8601 format. Null if no old secret exists.
^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$null
URL where webhook events are delivered via HTTP POST
"https://example.com/webhooks"
Optional human-readable description for the webhook
"Production deploy notifications"
Identifier of the API key that created the webhook
"fb5e5168-4281-4bec-94c5-0d1584e9e657"
Identifier of the API key that last updated the webhook
null
Timestamp when the webhook was created, in ISO 8601 format
^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$"2025-01-30T00:00:00.000Z"
Timestamp when the webhook was last modified, in ISO 8601 format
^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z))$"2025-01-30T00:00:00.000Z"