> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mobilerun.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Rotate signing secret

> Generates a new signing secret for the webhook subscription and returns it once in the response. The previous secret is replaced immediately, so any signature verification on your endpoint must be updated to use the new value.



## OpenAPI

````yaml /api-reference/webhooks.yaml post /webhooks/{id}/rotate-secret
openapi: 3.1.0
info:
  title: Webhooks
  version: v1
servers:
  - url: https://api.mobilerun.ai
    description: Droidrun Cloud API
security:
  - bearerAuth: []
paths:
  /webhooks/{id}/rotate-secret:
    post:
      tags:
        - Webhooks
      summary: Rotate signing secret
      description: >-
        Generates a new signing secret for the webhook subscription and returns
        it once in the response. The previous secret is replaced immediately, so
        any signature verification on your endpoint must be updated to use the
        new value.
      operationId: rotateWebhookSecret
      parameters:
        - schema:
            type: string
            format: uuid
            example: 550e8400-e29b-41d4-a716-446655440000
          required: true
          name: id
          in: path
      responses:
        '200':
          description: New signing secret (shown once)
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: object
                    properties:
                      id:
                        type: string
                        format: uuid
                      url:
                        type: string
                      eventTypes:
                        type: array
                        items:
                          type: string
                      state:
                        type: string
                        enum:
                          - ACTIVE
                          - DISABLED
                          - DELETED
                      health:
                        type: string
                        enum:
                          - healthy
                          - failing
                          - blocked
                        description: >-
                          System-observed delivery health. `blocked` endpoints
                          are auto-disabled after sustained failure; PATCH
                          state=ACTIVE to re-enable.
                      blockedAt:
                        type:
                          - string
                          - 'null'
                      blockedReason:
                        type:
                          - string
                          - 'null'
                      signingEnabled:
                        type: boolean
                      description:
                        type:
                          - string
                          - 'null'
                      createdAt:
                        type: string
                      updatedAt:
                        type: string
                      secret:
                        type: string
                        description: Signing secret — shown only once. Store it now.
                    required:
                      - id
                      - url
                      - eventTypes
                      - state
                      - health
                      - blockedAt
                      - blockedReason
                      - signingEnabled
                      - description
                      - createdAt
                      - updatedAt
                      - secret
                required:
                  - data
        '401':
          description: Unauthorized
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                type: object
                properties:
                  error:
                    type: string
                required:
                  - error
        '500':
          description: Internal Server Error
      x-codeSamples:
        - lang: JavaScript
          source: >-
            import Mobilerun from '@mobilerun/sdk';


            const client = new Mobilerun({
              apiKey: process.env['MOBILERUN_CLOUD_API_KEY'], // This is the default and can be omitted
            });


            const response = await
            client.webhooks.rotateSecret('550e8400-e29b-41d4-a716-446655440000');


            console.log(response.data);
        - lang: Python
          source: |-
            import os
            from mobilerun_sdk import Mobilerun

            client = Mobilerun(
                api_key=os.environ.get("MOBILERUN_CLOUD_API_KEY"),  # This is the default and can be omitted
            )
            response = client.webhooks.rotate_secret(
                "550e8400-e29b-41d4-a716-446655440000",
            )
            print(response.data)
        - lang: Go
          source: "package main\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/stainless-sdks/droidrun-cloud-go\"\n\t\"github.com/stainless-sdks/droidrun-cloud-go/option\"\n)\n\nfunc main() {\n\tclient := mobileruncloud.NewClient(\n\t\toption.WithAPIKey(\"My API Key\"),\n\t)\n\tresponse, err := client.Webhooks.RotateSecret(context.TODO(), \"550e8400-e29b-41d4-a716-446655440000\")\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\tfmt.Printf(\"%+v\\n\", response.Data)\n}\n"
        - lang: CLI
          source: |-
            mobilerun-cloud webhooks rotate-secret \
              --api-key 'My API Key' \
              --id 550e8400-e29b-41d4-a716-446655440000
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: Opaque
      description: Bearer token via Authorization header

````