RotateWebhookSecretResp

  • secret
    Type: string
    required

    The newly generated signing secret. Returned ONCE here and never retrievable again — store it immediately. Outbound deliveries are signed with this secret going forward (and additionally with the previous secret until the grace window expires).

  • previousSecretExpiresAt
    Type: string
    Format: date-time

    When the previous secret stops being valid. Absent when gracePeriod: "immediate" was supplied — the previous secret was killed the moment this response was returned. Until this timestamp, delivery X-Webhook-Signature headers carry one v1=<sig> entry per active secret; verification with either of your stored secrets passes.
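
Receiver-side verification during the grace window, as an added example (not part of this API's documentation or SDK). It assumes each v1 signature is a hex HMAC-SHA256 of the raw request body and that header entries are comma-separated, neither of which this page specifies. All function names and sample values are hypothetical.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

def sign(secret, body):
    # Assumed scheme: hex HMAC-SHA256 of the raw request body.
    return hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()

def parse_v1(header):
    # Assumed layout: comma-separated key=value entries; keep every v1 value.
    entries = (part.strip().partition("=") for part in header.split(","))
    return [value for key, _, value in entries if key == "v1" and value]

def active_secrets(current, previous, previous_expires_at, now):
    # The previous secret counts only while previousSecretExpiresAt is in the
    # future; None models the absent field after gracePeriod: "immediate".
    if previous and previous_expires_at and now < previous_expires_at:
        return [current, previous]
    return [current]

def verify(body, header, secrets):
    # Accept if any v1 entry matches any stored secret. Every pair is compared
    # in constant time with no early exit.
    ok = False
    for secret in secrets:
        expected = sign(secret, body).encode()
        for candidate in parse_v1(header):
            ok |= hmac.compare_digest(expected, candidate.encode())
    return ok

# Constructed sample values (not real secrets or payloads).
OLD, NEW = "whsec_old_example", "whsec_new_example"
BODY = b'{"event":"invoice.paid","id":"evt_123"}'
EXPIRES = datetime(2030, 1, 2, tzinfo=timezone.utc)
DURING = EXPIRES - timedelta(hours=1)
AFTER = EXPIRES + timedelta(hours=1)
# What a delivery header looks like while both secrets are active.
GRACE_HEADER = f"v1={sign(NEW, BODY)},v1={sign(OLD, BODY)}"
OLD_ONLY_HEADER = f"v1={sign(OLD, BODY)}"

if __name__ == "__main__":
    # A receiver that has not yet deployed the new secret still verifies.
    print(verify(BODY, GRACE_HEADER, [OLD]))
    print(verify(BODY, GRACE_HEADER, active_secrets(NEW, OLD, EXPIRES, DURING)))
    # After expiry the old secret is dropped, so an old-only signature fails.
    print(verify(BODY, OLD_ONLY_HEADER, active_secrets(NEW, OLD, EXPIRES, AFTER)))
```

Dropping the previous secret on the receiver once previousSecretExpiresAt has passed keeps a leaked old secret from remaining useful for forging deliveries.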