Webhooks
Rotate the HMAC-SHA256 Signing Secret for a Webhook
Regenerate the HMAC-SHA256 signing secret for a webhook subscription. The new secret is returned once and must be stored immediately.
POST
/
api
/
v1
/
enterprise
/
eudr
/
webhooks
/
{webhookId}
/
rotate-secret
Python
import agribackup
from agribackup.rest import ApiException
# Initialize Client
configuration = agribackup.Configuration(host="https://live.agribackup.com/api/v1")
configuration.api_key['ApiKeyAuth'] = 'sk_live_YOUR_API_KEY'
with agribackup.ApiClient(configuration) as api_client:
try:
api_instance = agribackup.EnterpriseWebhooksApi(api_client)
response = api_instance.rotate_secret()
print(response)
except ApiException as e:
print("Exception when calling API: %s\n" % e)import { AgriBackupClient } from '@agribackup/sdk';
// Initialize Client
const client = new AgriBackupClient({
apiKey: 'sk_live_YOUR_API_KEY',
baseUrl: 'https://live.agribackup.com/api/v1'
});
async function execute() {
try {
const response = await client.webhooks.rotateSecret();
console.log(response);
} catch (error) {
console.error(error);
}
}import com.agribackup.client.*;
import com.agribackup.client.api.*;
import com.agribackup.client.model.*;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = Configuration.getDefaultApiClient();
defaultClient.setBasePath("https://live.agribackup.com/api/v1");
defaultClient.setApiKey("sk_live_YOUR_API_KEY");
EnterpriseWebhooksApi apiInstance = new EnterpriseWebhooksApi(defaultClient);
try {
Object result = apiInstance.rotateSecret();
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling API: " + e.getResponseBody());
}
}
}using System;
using System.Threading.Tasks;
using AgriBackup.SDK.Api;
using AgriBackup.SDK.Client;
using AgriBackup.SDK.Model;
class Program {
static async Task Main() {
Configuration config = new Configuration();
config.BasePath = "https://live.agribackup.com/api/v1";
config.AddApiKey("ApiKeyAuth", "sk_live_YOUR_API_KEY");
var apiInstance = new EnterpriseWebhooksApi(config);
try {
var result = await apiInstance.RotateSecretAsync();
Console.WriteLine(result);
} catch (ApiException e) {
Console.WriteLine("Exception when calling API: " + e.Message);
}
}
}curl --request POST \
--url https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/{webhookId}/rotate-secret \
--header 'X-API-Key: <api-key>'const options = {method: 'POST', headers: {'X-API-Key': '<api-key>'}};
fetch('https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/{webhookId}/rotate-secret', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/{webhookId}/rotate-secret",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_HTTPHEADER => [
"X-API-Key: <api-key>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/{webhookId}/rotate-secret"
req, _ := http.NewRequest("POST", url, nil)
req.Header.Add("X-API-Key", "<api-key>")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}require 'uri'
require 'net/http'
url = URI("https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/{webhookId}/rotate-secret")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["X-API-Key"] = '<api-key>'
response = http.request(request)
puts response.read_body{}Generates a new HMAC-SHA256 signing secret for the specified webhook subscription and invalidates the previous secret immediately. Use this endpoint if a secret is compromised, lost, or requires rotation as part of your security policy.
The new
signingSecret is returned only once in the response to this call. Store it immediately in a secrets manager. After rotating, update your signature verification logic to use the new secret — payloads signed with the old secret will fail validation instantly.Rotation Procedure
To rotate a webhook secret safely without dropping events:- Call this endpoint to generate the new secret.
- Store the new secret alongside the old one in your secrets store temporarily.
- Update your webhook handler to accept signatures verified by either secret during a brief transition window.
- Once you confirm all in-flight payloads have been processed, remove the old secret from your handler.
import requests
webhook_id = "wh_12345"
headers = {"X-API-Key": "sk_live_YOUR_API_KEY"}
response = requests.post(
f"https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/{webhook_id}/rotate-secret",
headers=headers,
)
new_secret = response.json()
print(new_secret)
const webhookId = "wh_12345";
const response = await fetch(
`https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/${webhookId}/rotate-secret`,
{
method: "POST",
headers: { "X-API-Key": "sk_live_YOUR_API_KEY" },
}
);
const newSecret = await response.json();
console.log(newSecret);
curl -X POST \
"https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/wh_12345/rotate-secret" \
-H "X-API-Key: sk_live_YOUR_API_KEY"
List Active Webhook Subscriptions and Endpoints
Previous
Cryptographic Handshake Ping for Webhook Validation
Next
⌘I
Python
import agribackup
from agribackup.rest import ApiException
# Initialize Client
configuration = agribackup.Configuration(host="https://live.agribackup.com/api/v1")
configuration.api_key['ApiKeyAuth'] = 'sk_live_YOUR_API_KEY'
with agribackup.ApiClient(configuration) as api_client:
try:
api_instance = agribackup.EnterpriseWebhooksApi(api_client)
response = api_instance.rotate_secret()
print(response)
except ApiException as e:
print("Exception when calling API: %s\n" % e)import { AgriBackupClient } from '@agribackup/sdk';
// Initialize Client
const client = new AgriBackupClient({
apiKey: 'sk_live_YOUR_API_KEY',
baseUrl: 'https://live.agribackup.com/api/v1'
});
async function execute() {
try {
const response = await client.webhooks.rotateSecret();
console.log(response);
} catch (error) {
console.error(error);
}
}import com.agribackup.client.*;
import com.agribackup.client.api.*;
import com.agribackup.client.model.*;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = Configuration.getDefaultApiClient();
defaultClient.setBasePath("https://live.agribackup.com/api/v1");
defaultClient.setApiKey("sk_live_YOUR_API_KEY");
EnterpriseWebhooksApi apiInstance = new EnterpriseWebhooksApi(defaultClient);
try {
Object result = apiInstance.rotateSecret();
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling API: " + e.getResponseBody());
}
}
}using System;
using System.Threading.Tasks;
using AgriBackup.SDK.Api;
using AgriBackup.SDK.Client;
using AgriBackup.SDK.Model;
class Program {
static async Task Main() {
Configuration config = new Configuration();
config.BasePath = "https://live.agribackup.com/api/v1";
config.AddApiKey("ApiKeyAuth", "sk_live_YOUR_API_KEY");
var apiInstance = new EnterpriseWebhooksApi(config);
try {
var result = await apiInstance.RotateSecretAsync();
Console.WriteLine(result);
} catch (ApiException e) {
Console.WriteLine("Exception when calling API: " + e.Message);
}
}
}curl --request POST \
--url https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/{webhookId}/rotate-secret \
--header 'X-API-Key: <api-key>'const options = {method: 'POST', headers: {'X-API-Key': '<api-key>'}};
fetch('https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/{webhookId}/rotate-secret', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/{webhookId}/rotate-secret",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_HTTPHEADER => [
"X-API-Key: <api-key>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/{webhookId}/rotate-secret"
req, _ := http.NewRequest("POST", url, nil)
req.Header.Add("X-API-Key", "<api-key>")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}require 'uri'
require 'net/http'
url = URI("https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/{webhookId}/rotate-secret")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["X-API-Key"] = '<api-key>'
response = http.request(request)
puts response.read_body{}