Issue a new signing secret with 7-day overlap
POST /v1/webhooks/{id}/rotate_secret
Issues a new HMAC secret and stamps the currently-active one with expires_at = NOW() + 7 days. Deliveries during the overlap sign with both secrets — every signature header carries multiple v1= values; receivers accept if any verifies.
Update your server to accept the new secret BEFORE the old one expires (day 7), or deliveries silently fail signature verification on your end. Subscribe to webhook.endpoint_degraded on a different endpoint to catch the failure.
Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”Responses
Section titled “ Responses ”New secret issued.
object
Raw new secret, returned once. whsec_ prefix.
When the previous secret expires. Null if there was no previous active secret.
Invalid query / parameters.
object
Human-readable error summary.
HTTP-status-level class. Stable enum; branch on details.reason for finer control. Current values: invalid_query, invalid_slug, invalid_license_id, invalid_jurisdiction_code, invalid_pagination, not_found, auth_required, auth_invalid, auth_revoked, payment_required, quota_exceeded, rate_limited, server_error.
object
Machine-readable refinement of the top-level code. Stable vocabulary; branch on this in clients. Examples: invalid_input, missing_required_parameter, conflicting_parameters, operator_not_found, license_not_found, jurisdiction_not_found, route_not_found, api_key_missing, malformed_header, api_key_invalid, api_key_revoked, quota_exceeded, internal_error.
Present only when the error maps to a specific request input field (query param, path param, body key). Omitted for errors that aren’t field-scoped (e.g. rate_limited, auth_revoked).
Optional human-readable / agent-actionable hint describing how to resolve the error.
{ "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored."}{ "error": "API key has been revoked", "code": "auth_revoked", "details": { "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored." }}Missing / malformed / revoked API key.
object
Human-readable error summary.
HTTP-status-level class. Stable enum; branch on details.reason for finer control. Current values: invalid_query, invalid_slug, invalid_license_id, invalid_jurisdiction_code, invalid_pagination, not_found, auth_required, auth_invalid, auth_revoked, payment_required, quota_exceeded, rate_limited, server_error.
object
Machine-readable refinement of the top-level code. Stable vocabulary; branch on this in clients. Examples: invalid_input, missing_required_parameter, conflicting_parameters, operator_not_found, license_not_found, jurisdiction_not_found, route_not_found, api_key_missing, malformed_header, api_key_invalid, api_key_revoked, quota_exceeded, internal_error.
Present only when the error maps to a specific request input field (query param, path param, body key). Omitted for errors that aren’t field-scoped (e.g. rate_limited, auth_revoked).
Optional human-readable / agent-actionable hint describing how to resolve the error.
{ "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored."}{ "error": "API key has been revoked", "code": "auth_revoked", "details": { "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored." }}No row matched.
object
Human-readable error summary.
HTTP-status-level class. Stable enum; branch on details.reason for finer control. Current values: invalid_query, invalid_slug, invalid_license_id, invalid_jurisdiction_code, invalid_pagination, not_found, auth_required, auth_invalid, auth_revoked, payment_required, quota_exceeded, rate_limited, server_error.
object
Machine-readable refinement of the top-level code. Stable vocabulary; branch on this in clients. Examples: invalid_input, missing_required_parameter, conflicting_parameters, operator_not_found, license_not_found, jurisdiction_not_found, route_not_found, api_key_missing, malformed_header, api_key_invalid, api_key_revoked, quota_exceeded, internal_error.
Present only when the error maps to a specific request input field (query param, path param, body key). Omitted for errors that aren’t field-scoped (e.g. rate_limited, auth_revoked).
Optional human-readable / agent-actionable hint describing how to resolve the error.
{ "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored."}{ "error": "API key has been revoked", "code": "auth_revoked", "details": { "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored." }}Unexpected server error.
object
Human-readable error summary.
HTTP-status-level class. Stable enum; branch on details.reason for finer control. Current values: invalid_query, invalid_slug, invalid_license_id, invalid_jurisdiction_code, invalid_pagination, not_found, auth_required, auth_invalid, auth_revoked, payment_required, quota_exceeded, rate_limited, server_error.
object
Machine-readable refinement of the top-level code. Stable vocabulary; branch on this in clients. Examples: invalid_input, missing_required_parameter, conflicting_parameters, operator_not_found, license_not_found, jurisdiction_not_found, route_not_found, api_key_missing, malformed_header, api_key_invalid, api_key_revoked, quota_exceeded, internal_error.
Present only when the error maps to a specific request input field (query param, path param, body key). Omitted for errors that aren’t field-scoped (e.g. rate_limited, auth_revoked).
Optional human-readable / agent-actionable hint describing how to resolve the error.
{ "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored."}{ "error": "API key has been revoked", "code": "auth_revoked", "details": { "reason": "api_key_revoked", "suggestion": "Generate a new API key at https://app.igregulator.io/settings. Revoked keys cannot be restored." }}