> ## Documentation Index
> Fetch the complete documentation index at: https://doc.hpay.host-sl.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Rotate Signing Secret

> Replace a subscription's signing secret.

Generates a new signing secret for the subscription and retires the old one. Update your endpoint's verification secret immediately after rotating.

<Warning>
  The new `secret` is returned **only in this response** — store it before
  discarding the old one.
</Warning>

### Path Parameters

<ParamField path="subscription_id" type="string" required>
  The subscription whose secret to rotate.
</ParamField>

### Response

<ResponseField name="id" type="string">
  The new secret's ID.
</ResponseField>

<ResponseField name="secret" type="string">
  The new signing secret — shown once.
</ResponseField>

<ResponseField name="secret_preview" type="string">
  The last few characters, for identification.
</ResponseField>

<ResponseField name="rotated_from_id" type="string">
  The ID of the secret this one replaced.
</ResponseField>

<ResponseExample>
  ```json 200 theme={null}
  {
    "id": "a1b2c3d4-...",
    "secret": "whsec_new5e6f7...",
    "secret_preview": "...7Xw2",
    "rotated_from_id": "9z8y7x6w-..."
  }
  ```

  ```json 404 theme={null}
  {
    "detail": "Subscription not found"
  }
  ```
</ResponseExample>

<RequestExample>
  ```bash cURL theme={null}
  curl --request POST \
    --url https://hpay-api.host-sl.com/api/v1/webhooks/subscriptions/7c1d2e3f-.../rotate-secret \
    --header 'api-key: YOUR_API_KEY' \
    --header 'secret-key: YOUR_SECRET_KEY'
  ```

  ```python Python theme={null}
  from hostpay import HostPay

  client = HostPay(api_key="YOUR_API_KEY", secret_key="YOUR_SECRET_KEY")

  rotated = client.webhooks.subscriptions.rotate_secret("7c1d2e3f-...")
  store_secret(rotated["secret"])  # shown once!
  ```

  ```typescript TypeScript theme={null}
  import { HostPay } from "@hostpay/sdk";

  const client = new HostPay({ apiKey: "YOUR_API_KEY", secretKey: "YOUR_SECRET_KEY" });

  const rotated = await client.webhooks.subscriptions.rotateSecret("7c1d2e3f-...");
  storeSecret(rotated.secret); // shown once!
  ```
</RequestExample>
