WebhookSecretGracePeriod

  • Type: stringenum

    How long the previous signing secret stays valid for verification alongside the newly issued one. During the grace window, every outbound webhook delivery's X-Webhook-Signature header carries one v1=<sig> entry per active secret — verification with either of your stored secrets passes — so consumers can roll their stored secret forward without dropped events.

    When to use which:

    • 24h (default) — routine rotation. Right for almost every case.
    • 48h — gives the receiving team a full business-hours window to deploy.
    • 7d / 14d / 30d — orgs with strict change-management windows or external integration teams that need lead time.
    • immediate — incident response only (the previous secret is known to be compromised). Kills the old secret at once; in-flight deliveries the customer hasn't yet verified will fail.
    values
    • immediate
    • 24h
    • 48h
    • 7d
    • 14d
    • 30d