Skip to main content
POST
/
v1
/
webhooks
/
{id}
/
rotate-secret
Rotate Webhook Signing Secret
curl --request POST \
  --url https://api.anchorbrowser.io/v1/webhooks/{id}/rotate-secret \
  --header 'anchor-api-key: <api-key>'
{
  "id": "wh_01HXJ4MZ7K9P3Q6R8S2T4V5W7Y",
  "project_id": "5d2c31f6-ab7e-481a-b6fd-8b4a96a4e197",
  "url": "https://your-app.example.com/anchor/webhooks",
  "description": "Production task notifications",
  "subscribed_events": [],
  "enabled": true,
  "created_at": "2023-11-07T05:31:56Z",
  "updated_at": "2023-11-07T05:31:56Z",
  "secret": "36da51b166a69268a59a8d5ee0b32c9f5e5aaee7d301c7a5a36844318e116fc6"
}

Authorizations

anchor-api-key
string
header
required

API key passed in the header

Path Parameters

id
string
required

Webhook id.

Response

New signing secret issued.

Same shape as WebhookPublic plus the freshly minted signing secret. Returned ONLY by create and rotate-secret. Store it the first time — Anchor never returns it again. If lost, rotate to mint a new one.

id
string
required

Webhook id. Use as the path parameter on subsequent calls.

Example:

"wh_01HXJ4MZ7K9P3Q6R8S2T4V5W7Y"

project_id
string<uuid>
required

The project (team) the webhook belongs to.

Example:

"5d2c31f6-ab7e-481a-b6fd-8b4a96a4e197"

url
string<uri>
required

HTTPS URL Anchor will POST events to.

Example:

"https://your-app.example.com/anchor/webhooks"

description
string | null
required

Optional human-readable description.

Maximum string length: 256
Example:

"Production task notifications"

subscribed_events
enum<string>[]
required

Event types this webhook is currently subscribed to.

Catalog of webhook event types Anchor can deliver. Adding a new event type is a coordinated change between session-manager (publisher), webhook-dispatcher (consumer), and the dashboard.

Available options:
task.completed,
task.failed,
task.cancelled,
task.healed,
session.completed,
session.failed,
session.recording.ready,
batch.completed,
batch.failed,
intervention.requested,
intervention.resolved,
identity.authenticated,
identity.authentication_failed
enabled
boolean
required

When false, no events fan out to this webhook.

Example:

true

created_at
string<date-time> | null
required
updated_at
string<date-time> | null
required
secret
string
required

HMAC-SHA256 signing secret. Use this to verify the Anchor-Signature header on each delivery.

Example:

"36da51b166a69268a59a8d5ee0b32c9f5e5aaee7d301c7a5a36844318e116fc6"