Rotate the signing secret

curl --request POST \
  --url https://api.paystack.com/v1/notifications/webhooks/{id}/rotate-secret \
  --header 'Authorization: Bearer <token>'

{
  "status": true,
  "message": "Signing secret rotated",
  "code": "ok",
  "data": {
    "id": "whr_01HXYZABC1234567890ABCDEFG",
    "signing_secret": "whsec_K5x...base64...=="
  },
  "meta": {
    "request_id": "req_01HXYZ4K5ABCDEFGHJKLMNPQRS",
    "timestamp": "2026-05-14T15:43:55.732Z",
    "version": "1"
  }
}

Notification Webhooks

Rotate the signing secret

Rotate the signing secret for a webhook endpoint. Returns a new signing_secret (prefixed whsec_) in plaintext — this is the only time it is shown, so store it immediately.

Rotate the secret if the current one may have been exposed. After rotation, verify incoming deliveries against the new secret.

Example

POST /v1/notifications/webhooks/whr_01HXYZABC1234567890ABCDEFG/rotate-secret

POST

notifications

webhooks

{id}

rotate-secret

Rotate the signing secret

curl --request POST \
  --url https://api.paystack.com/v1/notifications/webhooks/{id}/rotate-secret \
  --header 'Authorization: Bearer <token>'

{
  "status": true,
  "message": "Signing secret rotated",
  "code": "ok",
  "data": {
    "id": "whr_01HXYZABC1234567890ABCDEFG",
    "signing_secret": "whsec_K5x...base64...=="
  },
  "meta": {
    "request_id": "req_01HXYZ4K5ABCDEFGHJKLMNPQRS",
    "timestamp": "2026-05-14T15:43:55.732Z",
    "version": "1"
  }
}

Authorizations

Authorization

string

header

required

API key issued during merchant onboarding.

Path Parameters

string

required

Pattern: [^\/#\?]+?

Response

Signing secret rotated

status

enum<boolean>

required

Available options:

true

Example:

true

message

string

required

Human-readable summary

Example:

"Signing secret rotated"

code

enum<string>

required

Available options:

ok

Example:

"ok"

data

object

required

Show child attributes