DoloresDocs
API referenceWebhook endpoints

Rotate the signing secret

Generates a new signing secret and invalidates the old one. The new secret is returned in the `secret` field **once**. Update your handler before the next delivery — old-secret signatures will no longer verify.

POST
/webhook_endpoints/{id}/rotate_secret

Authorization

AuthorizationRequiredBearer <token>

Send your API key in the Authorization header on every request: Authorization: Bearer sk_live_.... Keys are created in the admin UI under Settings → API Keys and are project-scoped.

In: header

Path Parameters

idRequiredstring

Response Body

Endpoint with new plaintext secret.

TypeScript Definitions

Use the response body type in TypeScript.

idRequiredstring
objectRequiredstring
Value in: "webhook_endpoint"
urlRequiredstring

HTTPS URL Dolores POSTs events to.

Format: "uri"
enabledRequiredboolean
event_filtersarray<string>

Event types or wildcards to subscribe to. Empty array (or omitted) subscribes to all events. Supported prefixes: appointment., customer., session.. Wildcards: appointment.*.

@minItems 0

@minItems 0

@minItems 0

@minItems 0

livemodeRequiredboolean
labelstring | null | null
descriptionstring | null | null
secret_prefixstring

First 13 chars of the signing secret (e.g. whsec_8fK2x). Shown for identification only.

secretstring

Plaintext signing secret. Only returned once on create and rotate. Use it to verify the Dolores-Signature header on incoming deliveries.

created_atRequiredstring
Format: "date-time"
updated_atRequiredstring
Format: "date-time"

Resource not found.

TypeScript Definitions

Use the response body type in TypeScript.

errorRequiredobject
curl -X POST "https://app.meetdolores.ai/v1/webhook_endpoints/string/rotate_secret" \
  -H "Authorization: Bearer <token>"
fetch("https://app.meetdolores.ai/v1/webhook_endpoints/string/rotate_secret", {
  headers: {
    "Authorization": "Bearer <token>"
  }
})
package main

import (
  "fmt"
  "net/http"
  "io/ioutil"
)

func main() {
  url := "https://app.meetdolores.ai/v1/webhook_endpoints/string/rotate_secret"

  req, _ := http.NewRequest("POST", url, nil)
  req.Header.Add("Authorization", "Bearer <token>")
  res, _ := http.DefaultClient.Do(req)
  defer res.Body.Close()
  body, _ := ioutil.ReadAll(res.Body)

  fmt.Println(res)
  fmt.Println(string(body))
}
import requests

url = "https://app.meetdolores.ai/v1/webhook_endpoints/string/rotate_secret"

response = requests.request("POST", url, headers = {
  "Authorization": "Bearer <token>"
})

print(response.text)
require 'net/http'
require 'json'
require 'uri'

uri = URI('https://app.meetdolores.ai/v1/webhook_endpoints/whk_01HXY.../rotate_secret')
req = Net::HTTP::Post.new(uri, {
  'Authorization' => "Bearer #{ENV['DOLORES_API_KEY']}",
})
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http| http.request(req) }
puts res.body
<?php
$ch = curl_init('https://app.meetdolores.ai/v1/webhook_endpoints/whk_01HXY.../rotate_secret');
curl_setopt_array($ch, [
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_HTTPHEADER => [
    'Authorization: Bearer ' . getenv('DOLORES_API_KEY'),
  ],
]);
echo curl_exec($ch);
{
  "id": "whk_01HXY7P3K9ABCDEFGHJKMNPQRS",
  "object": "webhook_endpoint",
  "url": "http://example.com",
  "enabled": true,
  "event_filters": [
    "appointment.*"
  ],
  "livemode": true,
  "label": "string",
  "description": "string",
  "secret_prefix": "string",
  "secret": "string",
  "created_at": "2019-08-24T14:15:22Z",
  "updated_at": "2019-08-24T14:15:22Z"
}
{
  "error": {
    "type": "invalid_request_error",
    "code": "phone_invalid_format",
    "message": "string",
    "param": "string",
    "request_id": "string"
  }
}