> ## Documentation Index
> Fetch the complete documentation index at: https://getconvoy.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Roll endpoint secret

> This endpoint expires and re-generates the endpoint secret.



## OpenAPI

````yaml put /v1/projects/{projectID}/endpoints/{endpointID}/expire_secret
openapi: 3.0.0
info:
  contact:
    email: support@getconvoy.io
    name: Convoy Support
    url: https://getconvoy.io/docs
  description: >-
    Convoy is a fast and secure webhooks proxy. This document contains
    datastore.s API specification.
  license:
    name: Mozilla Public License 2.0
    url: https://www.mozilla.org/en-US/MPL/2.0/
  termsOfService: https://getconvoy.io/terms
  title: Convoy API Reference
  version: 24.1.4
servers:
  - url: https://us.getconvoy.cloud/api
    description: US Region
  - url: https://eu.getconvoy.cloud/api
    description: EU Region
security: []
tags:
  - description: Subscription related APIs
    name: Subscriptions
  - description: Endpoint related APIs
    name: Endpoints
  - description: Event related APIs
    name: Events
  - description: Source related APIs
    name: Sources
  - description: EventDelivery related APIs
    name: Event Deliveries
  - description: Delivery Attempt related APIs
    name: Delivery Attempts
  - description: Portal Links related APIs
    name: Portal Links
  - description: Meta Events related APIs
    name: Meta Events
  - description: Event Types related APIs
    name: EventTypes
  - description: Filters related APIs
    name: Filters
  - description: Onboard related APIs
    name: Onboard
paths:
  /v1/projects/{projectID}/endpoints/{endpointID}/expire_secret:
    put:
      tags:
        - Endpoints
      summary: Roll endpoint secret
      description: This endpoint expires and re-generates the endpoint secret.
      operationId: ExpireSecret
      parameters:
        - description: Project ID
          in: path
          name: projectID
          required: true
          schema:
            type: string
        - description: Endpoint ID
          in: path
          name: endpointID
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/models.ExpireSecret'
        description: Expire Secret Body Parameters
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                allOf:
                  - $ref: '#/components/schemas/util.ServerResponse'
                  - properties:
                      data:
                        $ref: '#/components/schemas/models.EndpointResponse'
                    type: object
          description: OK
        '400':
          content:
            application/json:
              schema:
                allOf:
                  - $ref: '#/components/schemas/util.ServerResponse'
                  - properties:
                      data:
                        $ref: '#/components/schemas/handlers.Stub'
                    type: object
          description: Bad Request
        '401':
          content:
            application/json:
              schema:
                allOf:
                  - $ref: '#/components/schemas/util.ServerResponse'
                  - properties:
                      data:
                        $ref: '#/components/schemas/handlers.Stub'
                    type: object
          description: Unauthorized
        '404':
          content:
            application/json:
              schema:
                allOf:
                  - $ref: '#/components/schemas/util.ServerResponse'
                  - properties:
                      data:
                        $ref: '#/components/schemas/handlers.Stub'
                    type: object
          description: Not Found
      security:
        - ApiKeyAuth: []
components:
  schemas:
    models.ExpireSecret:
      properties:
        expiration:
          description: >-
            Amount of time to wait before expiring the old endpoint secret.

            If AdvancedSignatures is turned on for the project, signatures for
            both secrets will be generated up until

            the old signature is expired.
          type: integer
        secret:
          description: New Endpoint secret value.
          type: string
      type: object
    util.ServerResponse:
      properties:
        message:
          type: string
        status:
          type: boolean
      type: object
    models.EndpointResponse:
      properties:
        advanced_signatures:
          type: boolean
        authentication:
          $ref: '#/components/schemas/datastore.EndpointAuthentication'
        content_type:
          type: string
        created_at:
          type: string
        deleted_at:
          type: string
        description:
          type: string
        events:
          type: integer
        failure_rate:
          type: number
        http_timeout:
          type: integer
        mtls_client_cert:
          allOf:
            - $ref: '#/components/schemas/datastore.MtlsClientCert'
          description: mTLS client certificate configuration
        name:
          type: string
        owner_id:
          type: string
        project_id:
          type: string
        rate_limit:
          type: integer
        rate_limit_duration:
          type: integer
        secrets:
          items:
            $ref: '#/components/schemas/datastore.Secret'
          type: array
        slack_webhook_url:
          type: string
        status:
          $ref: '#/components/schemas/datastore.EndpointStatus'
        support_email:
          type: string
        uid:
          type: string
        updated_at:
          type: string
        url:
          type: string
      type: object
    handlers.Stub:
      type: object
    datastore.EndpointAuthentication:
      properties:
        api_key:
          $ref: '#/components/schemas/datastore.ApiKey'
        basic_auth:
          $ref: '#/components/schemas/datastore.BasicAuth'
        oauth2:
          $ref: '#/components/schemas/datastore.OAuth2'
        type:
          $ref: '#/components/schemas/datastore.EndpointAuthenticationType'
      type: object
    datastore.MtlsClientCert:
      properties:
        client_cert:
          description: ClientCert is the client certificate PEM string
          type: string
        client_key:
          description: ClientKey is the client private key PEM string
          type: string
      type: object
    datastore.Secret:
      properties:
        created_at:
          type: string
        deleted_at:
          type: string
        expires_at:
          type: string
        uid:
          type: string
        updated_at:
          type: string
        value:
          type: string
      type: object
    datastore.EndpointStatus:
      enum:
        - active
        - inactive
        - paused
      type: string
      x-enum-varnames:
        - ActiveEndpointStatus
        - InactiveEndpointStatus
        - PausedEndpointStatus
    datastore.ApiKey:
      properties:
        header_name:
          type: string
        header_value:
          type: string
      type: object
    datastore.BasicAuth:
      properties:
        password:
          type: string
        username:
          type: string
      type: object
    datastore.OAuth2:
      properties:
        audience:
          type: string
        authentication_type:
          $ref: '#/components/schemas/datastore.OAuth2AuthenticationType'
        client_id:
          type: string
        client_secret:
          description: Encrypted at rest
          type: string
        expiry_time_unit:
          allOf:
            - $ref: '#/components/schemas/datastore.OAuth2ExpiryTimeUnit'
          description: Expiry time unit (seconds, milliseconds, minutes, hours)
        field_mapping:
          allOf:
            - $ref: '#/components/schemas/datastore.OAuth2FieldMapping'
          description: Field mapping for flexible token response parsing
        grant_type:
          type: string
        issuer:
          type: string
        scope:
          type: string
        signing_algorithm:
          type: string
        signing_key:
          allOf:
            - $ref: '#/components/schemas/datastore.OAuth2SigningKey'
          description: Encrypted at rest
        subject:
          type: string
        url:
          type: string
      type: object
    datastore.EndpointAuthenticationType:
      enum:
        - api_key
        - oauth2
        - basic_auth
      type: string
      x-enum-varnames:
        - APIKeyAuthentication
        - OAuth2Authentication
        - BasicAuthentication
    datastore.OAuth2AuthenticationType:
      enum:
        - shared_secret
        - client_assertion
      type: string
      x-enum-varnames:
        - SharedSecretAuth
        - ClientAssertionAuth
    datastore.OAuth2ExpiryTimeUnit:
      enum:
        - seconds
        - milliseconds
        - minutes
        - hours
      type: string
      x-enum-varnames:
        - ExpiryTimeUnitSeconds
        - ExpiryTimeUnitMilliseconds
        - ExpiryTimeUnitMinutes
        - ExpiryTimeUnitHours
    datastore.OAuth2FieldMapping:
      properties:
        access_token:
          description: >-
            Field name for access token (e.g., "accessToken", "access_token",
            "token")
          type: string
        expires_in:
          description: >-
            Field name for expiry time (e.g., "expiresIn", "expires_in",
            "expiresAt")
          type: string
        token_type:
          description: Field name for token type (e.g., "tokenType", "token_type")
          type: string
      type: object
    datastore.OAuth2SigningKey:
      properties:
        crv:
          description: EC (Elliptic Curve) key fields
          type: string
        d:
          description: Private key (EC only)
          type: string
        dp:
          description: RSA first factor CRT exponent (RSA private key only)
          type: string
        dq:
          description: RSA second factor CRT exponent (RSA private key only)
          type: string
        e:
          description: RSA public exponent (RSA only)
          type: string
        kid:
          description: Key ID
          type: string
        kty:
          description: 'Key type: "EC" or "RSA"'
          type: string
        'n':
          description: RSA key fields
          type: string
        p:
          description: RSA first prime factor (RSA private key only)
          type: string
        q:
          description: RSA second prime factor (RSA private key only)
          type: string
        qi:
          description: RSA first CRT coefficient (RSA private key only)
          type: string
        x:
          description: X coordinate (EC only)
          type: string
        'y':
          description: Y coordinate (EC only)
          type: string
      type: object
  securitySchemes:
    ApiKeyAuth:
      in: header
      name: Authorization
      type: apiKey

````