Skip to main content
POST
Rotate Webhook Secret

Authorizations

Authorization
string
header
required

Send the credential as Authorization: Bearer <key>.

Scoped partner credentials use the exclusive nxsk_v1_... namespace. Each scoped key is bound at issuance to one organization, one canonical named environment, an explicit engine set, and a least-privilege capability set. A malformed, unknown, rotated, or revoked nxsk_ key fails closed and is never retried as a legacy key.

Capabilities used by this API are runs:write, runs:read, engines:read, catalog:read, webhooks:manage, runs:defensibility:read, runs:test, and converse:use. Operation descriptions name the required capability. Grandfathered nx_live_... and nx_test_... keys retain their existing broad access during the compatibility window.

Path Parameters

endpointID
string<uuid>
required

Webhook endpoint UUID.

Response

New secret generated.

id
string<uuid>
required

Endpoint identifier.

secret
string
required

New signing secret (whsec_...). Displayed only once.

rotation_policy_id
enum<string>
required

live-v1 overlaps for 24 hours; sandbox-v1 for five minutes.

Available options:
live-v1,
sandbox-v1
previous_secret_expires_at
string<date-time>

Exact instant when the previous secret stops being valid.