Skip to main content
POST
/
v1
/
monitors
/
{id}
/
webhook-secret
/
rotate
Rotate the monitor webhook signing secret
const options = {method: 'POST', headers: {Authorization: 'Bearer <token>'}};

fetch('https://api.arcmira.com/v1/monitors/{id}/webhook-secret/rotate', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));
import requests

url = "https://api.arcmira.com/v1/monitors/{id}/webhook-secret/rotate"

headers = {"Authorization": "Bearer <token>"}

response = requests.post(url, headers=headers)

print(response.text)
curl --request POST \
--url https://api.arcmira.com/v1/monitors/{id}/webhook-secret/rotate \
--header 'Authorization: Bearer <token>'
{
  "webhookSecret": "<string>",
  "webhookSecretHint": "<string>",
  "previousSecretExpiresAt": "<string>"
}
{
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"doc_url": "<string>",
"request_id": "<string>",
"param": "<string>"
}
}
{
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"doc_url": "<string>",
"request_id": "<string>",
"param": "<string>"
}
}
{
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"doc_url": "<string>",
"request_id": "<string>",
"param": "<string>"
}
}
{
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"doc_url": "<string>",
"request_id": "<string>",
"param": "<string>"
}
}
{
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"doc_url": "<string>",
"request_id": "<string>",
"param": "<string>"
}
}
{
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"doc_url": "<string>",
"request_id": "<string>",
"param": "<string>"
}
}
{
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"doc_url": "<string>",
"request_id": "<string>",
"param": "<string>"
}
}
{
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"doc_url": "<string>",
"request_id": "<string>",
"param": "<string>"
}
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Response

Success

webhookSecret
string
required

The NEW webhook signing secret ("whsec_..."). Returned only once. Store it securely; it cannot be retrieved later. To recover from a lost secret, rotate.

webhookSecretHint
string
required

Last 4 characters of the new secret, for identifying which secret you hold.

previousSecretExpiresAt
string | null
required

End of the 24-hour overlap window. Until then, deliveries carry an additional X-Arcmira-Signature-Previous header computed with the previous secret over the same {timestamp}.{payload} string, so you can verify with either secret while you roll. Null when the monitor had no previous secret (nothing to overlap).