Rotate the workspace HMAC signing secret

Generates a new HMAC signing secret for the workspace and returns it **once** — the plaintext value is never readable again after this response. The old secret moves to a 24-hour grace window (`signing_secret_previous`) so live subscribers can roll over without dropped events or BYOM turns. During the grace period, Voicebip sends **two** signature headers on every outbound request: - `X-Voicebip-Signature` — signed with the new secret - `X-Voicebip-Signature-Previous` — signed with the old secret Accept either header as valid during your rollout window. Drop the old one after 24 hours. The dashboard shows a one-shot reveal modal at `/workspace#signing-secret`; subsequent `GET /v1/workspace` responses only expose `signing_secret_rotated_at`, never the secret value.

Authentication

AuthorizationBearer

Bearer authentication of the form Bearer <token>, where token is your auth token.

Response

New signing secret (returned once; store it securely)

signing_secretstring

New HMAC signing secret — returned once and never readable again. Store it in your secret manager immediately.

rotated_atdatetime
UTC timestamp of the rotation.

Errors

401
Rotate Signing Secret Request Unauthorized Error
500
Rotate Signing Secret Request Internal Server Error