Rotate Webhook Secret - 0xinsider API

cURL

curl -sS \
  -X POST \
  -H 'Authorization: Bearer $OXI_SK' \
  -H 'Content-Type: application/json' \
  -d '{}' \
  'https://api.0xinsider.com/api/v1/webhooks/{id}/rotate-secret'

{
  "object": "<string>",
  "data": {
    "id": 123,
    "object": "<string>",
    "name": "<string>",
    "url": "<string>",
    "event_types": [],
    "verification_token_expires_at": "2023-11-07T05:31:56Z",
    "failure_count": 123,
    "created_at": "2023-11-07T05:31:56Z",
    "updated_at": "2023-11-07T05:31:56Z",
    "retry_policy": {
      "max_attempts": 123,
      "terminal_status": "<string>"
    },
    "verified_at": "2023-11-07T05:31:56Z",
    "signing_secret": "<string>",
    "verification": {
      "token": "<string>",
      "expires_at": "2023-11-07T05:31:56Z"
    }
  },
  "meta": {
    "request_id": "<string>",
    "cached": true,
    "cache_age_s": 123
  }
}

POST

api

webhooks

{id}

rotate-secret

cURL

curl -sS \
  -X POST \
  -H 'Authorization: Bearer $OXI_SK' \
  -H 'Content-Type: application/json' \
  -d '{}' \
  'https://api.0xinsider.com/api/v1/webhooks/{id}/rotate-secret'

{
  "object": "<string>",
  "data": {
    "id": 123,
    "object": "<string>",
    "name": "<string>",
    "url": "<string>",
    "event_types": [],
    "verification_token_expires_at": "2023-11-07T05:31:56Z",
    "failure_count": 123,
    "created_at": "2023-11-07T05:31:56Z",
    "updated_at": "2023-11-07T05:31:56Z",
    "retry_policy": {
      "max_attempts": 123,
      "terminal_status": "<string>"
    },
    "verified_at": "2023-11-07T05:31:56Z",
    "signing_secret": "<string>",
    "verification": {
      "token": "<string>",
      "expires_at": "2023-11-07T05:31:56Z"
    }
  },
  "meta": {
    "request_id": "<string>",
    "cached": true,
    "cache_age_s": 123
  }
}

Generate a fresh signing secret for a webhook. The response includes the new secret once, so copy it immediately. The old secret stops working the moment this call returns. Deploy the new secret to your verification code before you rotate.

curl -X POST \
  -H "Authorization: Bearer $OXINSIDER_API_KEY" \
  -H "Idempotency-Key: webhook-rotate-2026-06-01" \
  "https://api.0xinsider.com/api/v1/webhooks/42/rotate-secret"

Rotate right away if a secret leaks (committed to git, exposed in a log, sent in a screenshot). Use Idempotency-Key when retrying a rotate after a timeout. A matching retry returns the same one-time secret response instead of rotating again.

Authorizations

Authorization

string

header

required

API key: Authorization: Bearer oxi_sk_live_... for live data (requires an active Insider subscription), or oxi_sk_test_... for sandbox/test mode (free account, deterministic fixture data, no live rows). Both key classes use the same paths; the prefix selects live vs sandbox.

Headers

Idempotency-Key

string

Optional safe-retry key. Reuse the same value only when retrying the exact same mutation request body; a different body returns 422 and an in-flight matching request returns 409.

Required string length: 1 - 255

Path Parameters

integer<int64>

required

Webhook endpoint id owned by the authenticated API key user.

Response

Webhook destination

object

string

required

Allowed value: "webhook"

data

object

required

Show child attributes