> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vast.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# rotate notification webhook secret

> Rotate the webhook signing secret. Store the returned secret immediately.



## OpenAPI

````yaml /api-reference/openapi.yaml post /api/v0/webhooks/{id}/rotate-secret/
openapi: 3.1.0
info:
  title: Vast.ai API
  description: >-
    Vast.ai REST API for managing GPU cloud instances, machine operations, and
    AI/ML workflows.


    ## AI Agent Quick-Start


    Install the CLI skill for your agent (Claude Code, Cursor, Windsurf, etc.):
      npx skills add vast-ai/vast-cli

    CLI reference:
    https://raw.githubusercontent.com/vast-ai/vast-cli/master/vastai/SKILL.md

    SDK reference:
    https://raw.githubusercontent.com/vast-ai/vast-cli/master/vastai_sdk/SKILL.md


    ## Auth

    All endpoints require `Authorization: Bearer $VAST_API_KEY`.

    Get your key at: https://cloud.vast.ai/manage-keys/


    ## Key Quirks

    - `gpu_ram` in CLI = GB; in REST API = MB (CLI auto-converts)

    - SSH keys must be registered BEFORE creating an instance (VM: no recovery;
    Docker: can add post-create)

    - `onstart` field is limited to 4048 characters -- gzip+base64 for longer
    scripts

    - `POST /api/v0/asks/{id}/` (create instance) returns `new_contract` as the
    instance ID, not `id`

    - Poll trap: if `actual_status` becomes `exited`, `unknown`, or `offline` it
    will never reach `running` -- destroy and retry
  version: 1.0.0
  contact:
    name: Vast.ai Support
    url: https://discord.gg/vast
servers:
  - url: https://console.vast.ai
    description: Production server
security:
  - BearerAuth: []
paths:
  /api/v0/webhooks/{id}/rotate-secret/:
    post:
      tags:
        - Notifications
      summary: rotate notification webhook secret
      description: >-
        Rotate the webhook signing secret. Store the returned secret
        immediately.
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: integer
          description: Webhook ID.
      responses:
        '200':
          description: Webhook secret rotated successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: true
                  webhook:
                    $ref: '#/components/schemas/NotificationWebhookWithSecret'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
      security:
        - BearerAuth: []
components:
  schemas:
    NotificationWebhookWithSecret:
      allOf:
        - $ref: '#/components/schemas/NotificationWebhook'
        - type: object
          properties:
            webhook_secret:
              type: string
              description: Secret used to verify `X-Vast-Signature-256`.
              example: <WEBHOOK_SECRET>
    Error:
      type: object
      properties:
        success:
          type: boolean
          example: false
        error:
          type: string
        msg:
          type: string
    NotificationWebhook:
      type: object
      properties:
        id:
          type: integer
          example: 42
        user_id:
          type: integer
          example: 123
        name:
          type: string
          nullable: true
          example: Ops notifications
        webhook_url:
          type: string
          format: uri
          example: https://example.com/vast/webhooks
        event_types:
          type: array
          items:
            type: string
          example:
            - client:low_credit
            - host:machine_offline
        created_at:
          type: number
          format: float
          example: 1772490000
        updated_at:
          type: number
          format: float
          example: 1772490000
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      description: API key must be provided in the Authorization header

````