post https://api.banking.netevia.dev/api/Partners/webhooks/
Action: Generate New Secret for Partner's Webhook
Description:
This API method generates a new secret key for a specific partner webhook. Webhook secrets are used to securely sign webhook payloads, allowing the partner to verify that the requests originated from the banking application service. Rotating the webhook secret is a best practice for maintaining security, especially if the current secret is suspected to be compromised.
Endpoint:
POST https://api.banking.netevia.dev/api/Partners/webhooks/{id}
Functionality:
- Purpose: Replaces the current secret associated with a webhook with a newly generated one.
- Use Case: Typically used when the existing secret has been exposed or as part of regular security hygiene (e.g., periodic secret rotation).
Request Headers:
Authorization: Bearer token (required for partner authentication)Content-Type:application/json
Path Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
id | int32 | Yes | The unique identifier of the webhook for which the secret should be regenerated. |
Example Request:
POST /api/Partners/webhooks/123 HTTP/1.1
Host: api.banking.netevia.dev
Authorization: Bearer {partnerToken}
Content-Type: application/jsonResponse Codes:
- 200 OK: Secret successfully generated.
- 400 Bad Request: Invalid webhook ID or malformed request.
- 401 Unauthorized: Authentication token is missing or invalid.
- 404 Not Found: No webhook found with the specified ID.
- 500 Internal Server Error: An error occurred while generating the new secret.
Notes:
- Security: Once a new secret is generated, the old one becomes invalid. Partners must update their signature verification logic to use the new secret immediately.
- Best Practices: Keep the secret secure and rotate it periodically or after any suspected compromise.