> ## Documentation Index
> Fetch the complete documentation index at: https://docs.anchorbrowser.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Rotate Webhook Signing Secret

> Mint a new HMAC-SHA256 signing secret. The previous secret remains valid
for 24 hours so you can update your verification code at your own pace,
then drop the old secret.

The new secret is returned exactly once, in the `secret` field.




## OpenAPI

````yaml /openapi.yaml post /v1/webhooks/{id}/rotate-secret
openapi: 3.1.0
info:
  title: AnchorBrowser API
  version: 1.0.0
  description: APIs to manage all browser-related actions and configuration.
servers:
  - url: https://api.anchorbrowser.io
    description: API server
security: []
paths:
  /v1/webhooks/{id}/rotate-secret:
    post:
      tags:
        - Webhooks
      summary: Rotate Webhook Signing Secret
      description: |
        Mint a new HMAC-SHA256 signing secret. The previous secret remains valid
        for 24 hours so you can update your verification code at your own pace,
        then drop the old secret.

        The new secret is returned exactly once, in the `secret` field.
      operationId: rotateWebhookSecret
      parameters:
        - name: id
          in: path
          required: true
          description: Webhook id.
          schema:
            type: string
      responses:
        '200':
          description: New signing secret issued.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WebhookWithSecret'
        '404':
          description: Webhook not found in this project.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FlatErrorResponse'
        '500':
          description: Failed to rotate secret.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FlatErrorResponse'
      security:
        - api_key_header: []
components:
  schemas:
    WebhookWithSecret:
      description: |
        Same shape as `WebhookPublic` plus the freshly minted signing secret.
        Returned ONLY by create and rotate-secret. Store it the first time —
        Anchor never returns it again. If lost, rotate to mint a new one.
      allOf:
        - $ref: '#/components/schemas/WebhookPublic'
        - type: object
          required:
            - secret
          properties:
            secret:
              type: string
              description: >-
                HMAC-SHA256 signing secret. Use this to verify the
                `Anchor-Signature` header on each delivery.
              example: 36da51b166a69268a59a8d5ee0b32c9f5e5aaee7d301c7a5a36844318e116fc6
    FlatErrorResponse:
      type: object
      properties:
        error:
          type: string
          description: Human-readable error message.
        code:
          type: integer
          description: HTTP status code.
      required:
        - error
    WebhookPublic:
      type: object
      description: >-
        A registered webhook subscription. The signing secret is NEVER returned
        by GET/list endpoints.
      required:
        - id
        - project_id
        - url
        - description
        - subscribed_events
        - enabled
        - created_at
        - updated_at
      properties:
        id:
          type: string
          description: Webhook id. Use as the path parameter on subsequent calls.
          example: wh_01HXJ4MZ7K9P3Q6R8S2T4V5W7Y
        project_id:
          type: string
          format: uuid
          description: The project (team) the webhook belongs to.
          example: 5d2c31f6-ab7e-481a-b6fd-8b4a96a4e197
        url:
          type: string
          format: uri
          description: HTTPS URL Anchor will POST events to.
          example: https://your-app.example.com/anchor/webhooks
        description:
          type: string
          nullable: true
          maxLength: 256
          description: Optional human-readable description.
          example: Production task notifications
        subscribed_events:
          type: array
          description: Event types this webhook is currently subscribed to.
          items:
            $ref: '#/components/schemas/WebhookEventType'
        enabled:
          type: boolean
          description: When `false`, no events fan out to this webhook.
          example: true
        created_at:
          type: string
          format: date-time
          nullable: true
        updated_at:
          type: string
          format: date-time
          nullable: true
    WebhookEventType:
      type: string
      description: |
        Catalog of webhook event types Anchor can deliver. Adding a new event
        type is a coordinated change between session-manager (publisher),
        webhook-dispatcher (consumer), and the dashboard.
      enum:
        - task.completed
        - task.failed
        - task.cancelled
        - task.healed
        - session.completed
        - session.failed
        - session.recording.ready
        - batch.completed
        - batch.failed
        - intervention.requested
        - intervention.resolved
        - identity.authenticated
        - identity.authentication_failed
  securitySchemes:
    api_key_header:
      type: apiKey
      in: header
      name: anchor-api-key
      description: API key passed in the header

````