Regenerate the webhook signing secret
POST/settings/webhook/secretRegenerate the webhook signing secret. The previous secret keeps working for a 24 hour grace window, during which events are signed with both secrets, so deliveries do not fail while you roll out the new one. The response returns previous_secret_expires_at (null when there was no previous secret).
Headers
| Header | Description | Required |
|---|---|---|
| Authorization | Bearer token with your secret API key | yes |
Example Request
Request
const response = await fetch('https://checkout-api.exodus-int.com/settings/webhook/secret', {
method: 'POST',
headers: {
Authorization: 'Bearer sk_live_xxxxxxxxxxxxxxxx',
},
});Responses
| Status | Description |
|---|---|
| 200 | The new webhook secret. |
| 400 | Validation error |
| 401 | Missing or invalid authentication |
| 422 | No webhook configured. |
Response body
| Field | Type | Required | Description |
|---|---|---|---|
| webhook_secret | string | yes | |
| previous_secret_expires_at | string | null | yes |
Example Response
{
"webhook_secret": "whsec_1234567890abcdef1234567890abcdef",
"previous_secret_expires_at": "2026-07-02T00:00:00.000Z"
}Error Response
Error (e.g. 400)
{
"error": {
"type": "validation_error",
"message": "amount must be a positive number",
"param": "amount"
}
}