Rotate the webhook signing secret for a line

Mints a new HMAC signing secret. Rotation is a two-call flow: the first call stages the new secret into webhook_secret_next while webhook_secret_current keeps signing traffic; the second call ≥24h later promotes next → current and mints a fresh next. The 24h overlap gives integrators time to deploy the new secret to every receiver before signed traffic changes. The secret is returned exactly once — there is no read endpoint. Losing the returned value means rotating again. Rate limited to 10 rotations per hour per user+line.

Mints a new HMAC signing secret. Rotation is a two-call flow: the first call stages the new secret into `webhook_secret_next` while `webhook_secret_current` keeps signing traffic; the second call ≥24h later promotes `next → current` and mints a fresh `next`. The 24h overlap gives integrators time to deploy the new secret to every receiver before signed traffic changes. The secret is returned exactly once — there is no read endpoint. Losing the returned value means rotating again. Rate limited to 10 rotations per hour per user+line.

Authentication

AuthorizationBearer

Send as Authorization: Bearer <your-key>. Obtain keys from the portal — prefix sk_live_ for production, sk_test_ for sandbox.

Path parameters

idstringRequiredformat: "uuid"

Line ID

Response

Secret rotated

webhook_secretstring

The new signing secret, 64 hex characters. Returned exactly once.

rotated_atdatetime

When the rotation was committed (ISO 8601)

promoted_previous_nextboolean

true when the prior webhook_secret_next was aged >24h and was promoted to current as part of this call. false on the first call of a fresh rotation cycle.

Errors

401

Unauthorized Error

404

Not Found Error

429

Too Many Requests Error

1	const url = 'https://saperly.com/api/v1/lines/id/webhook-secret/rotate';
2	const options = {
3	method: 'POST',
4	headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
5	body: '{}'
6	};
7
8	try {
9	const response = await fetch(url, options);
10	const data = await response.json();
11	console.log(data);
12	} catch (error) {
13	console.error(error);
14	}

1	{
2	"webhook_secret": "a1b2c3d4e5f67890123456789abcdef0123456789abcdef0123456789abcdef0",
3	"rotated_at": "2024-06-15T09:30:00.000Z",
4	"promoted_previous_next": false
5	}