Skip to main content
POST
/
api
/
v1
/
webhook_endpoints
/
{id}
/
roll_secret
curl -X POST https://api.agentcard.sh/api/v1/webhook_endpoints/wh_abc123/roll_secret \
  -H "Authorization: Bearer sk_test_..."

{
  "id": "wh_abc123",
  "object": "webhook_endpoint",
  "url": "https://your-app.example.com/webhooks/agentcard",
  "enabled_events": ["card.*"],
  "status": "active",
  "description": "production receiver",
  "consecutive_failures": 0,
  "last_success_at": "2026-05-17T13:42:00.000Z",
  "disabled_at": null,
  "created_at": "2026-05-17T12:00:00.000Z",
  "updated_at": "2026-05-17T14:30:00.000Z",
  "secret": "whsec_new_3a4b5c6d7e8f…"
}
Generates a fresh signing secret for the endpoint and returns it. The old secret stops working immediately — there is no overlap window. For zero-downtime rotation, create a second endpoint with the new secret, deploy your receiver, then delete the old endpoint. 
curl -X POST https://api.agentcard.sh/api/v1/webhook_endpoints/wh_abc123/roll_secret \
  -H "Authorization: Bearer sk_test_..."

{
  "id": "wh_abc123",
  "object": "webhook_endpoint",
  "url": "https://your-app.example.com/webhooks/agentcard",
  "enabled_events": ["card.*"],
  "status": "active",
  "description": "production receiver",
  "consecutive_failures": 0,
  "last_success_at": "2026-05-17T13:42:00.000Z",
  "disabled_at": null,
  "created_at": "2026-05-17T12:00:00.000Z",
  "updated_at": "2026-05-17T14:30:00.000Z",
  "secret": "whsec_new_3a4b5c6d7e8f…"
}