Rotate a callback credential
Atomically supersedes a live callback credential with a freshly minted one (same label) and returns the new raw token ONCE. The old credential is revoked in the same transaction.
Authorizations
Bearer token authentication (format: "Bearer {token}")
Path Parameters
Id of the live credential to rotate
"550e8400-e29b-41d4-a716-446655440000"
Response
Created
Mint time (RFC 3339, UTC)
Surrogate id of the minted credential
Raw bearer token, surfaced exactly once; configure it as the X-Callback-Token header value in the external system. Only its SHA-256 hash is stored server-side.
Operator-legible external-system label, echoed for confirmation
Informational inbound-callback URL shape to configure in the external system. The {exceptionId} placeholder is filled per callback.

