Rotate the event-signing HMAC secret

Rotate the HMAC secret used to sign events delivered to the partner's queue. Either supply a partner-generated high-entropy secret (≥32 bytes, base64 or hex) or omit it to have the server generate one and return it exactly once. The previous secret remains valid for the grace window so signature verifiers can be rolled without dropping events. **Status: not yet implemented.** Returns `503 service_unavailable` with `Retry-After: 86400`. The outbound event publisher is not live yet — contact your TAIH integration contact.

Authorization

OrgId

org-id<token>

Tenant identifier resolved by Kong from the authenticated taih-tenant-key. Required on partner-scoped routes (e.g. POST /v1/users, POST /v1/auth/token, /v1/admin/*). In production Kong injects this header after validating the tenant key; local-dev callers must set it themselves.

In: header

Header Parameters

org-id?string|null

x-user-id?string|null

x-request-id?string|null

traceparent?string|null

Idempotency-Key?|null

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

new_signing_secret?|

Optional partner-supplied secret. Omit to have the server generate one.

grace_period_seconds?Grace Period Seconds

Seconds the previous secret remains valid for signature verification.

Default86400

Range1 <= value <= 604800

Response Body

`application/json`

curl -X POST "https://loading/v1/auth/signing-secret/rotate" \  -H "Content-Type: application/json" \  -d '{}'

{
  "data": {
    "signing_secret_rotated_at": "string",
    "previous_secret_expires_at": "string"
  }
}

{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string"
    }
  ]
}

Empty

Authorization

Header Parameters

Request Body

Response Body

200application/json

422application/json

503

`application/json`

`application/json`