Skip to main content
POST
/
webhooks
/
{webhookId}
/
rotate-secret
Rotate webhook signing secret
curl --request POST \
  --url https://core.cyberun.cloud/api/v1/webhooks/{webhookId}/rotate-secret \
  --header 'Authorization: Bearer <token>'
{
  "webhook_secret": "whsec_b2c3d4e5f6g7h8i9j0k1"
}

Documentation Index

Fetch the complete documentation index at: https://docs.cyberun.cloud/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

User session JWT (Bearer ). Must be paired with the X-Team-ID request header on team-scoped endpoints so the server knows which team's resources to operate on.

Headers

X-Team-ID
string<uuid>

UUID of the team to scope the request to. Used by dual-auth endpoints (runtime + scoped management):

  • JWT callers MUST send it — a user may belong to multiple teams and the runtime cannot otherwise know which one to operate on. Missing header → 400.
  • Credential callers (sk-, dk-) can omit it because the team is derived from the credential row itself. Any value sent is ignored.
Example:

"019abc12-4567-7890-abcd-ef1234567891"

Path Parameters

webhookId
string<uuid>
required

UUID of the webhook.

Example:

"019abc12-0123-7890-abcd-ef1234567897"

Response

New signing secret

New webhook signing secret after rotation.

webhook_secret
string
required

New HMAC-SHA256 signing secret (prefixed with whsec_). The previous secret is immediately invalidated. Update your verification logic before calling this endpoint.

Example:

"whsec_b2c3d4e5f6g7h8i9j0k1"