Rotate webhook secret

curl --request POST \
  --url http://api-sandbox.fexpayments.com/merchant/api/v1/counters/{counterID}/rotate-secret \
  --header 'Authorization: Bearer <token>'

{
  "success": true,
  "webhook_secret": "a3f8c2e1d4b7a9f0e2c5b8d1a4f7c0e3d6b9a2f5c8e1d4b7a0f3c6e9d2b5a8f1",
  "note": "Update your webhook handler immediately — the old secret is no longer valid."
}

POST

merchant

api

counters

{counterID}

rotate-secret

Rotate webhook secret

curl --request POST \
  --url http://api-sandbox.fexpayments.com/merchant/api/v1/counters/{counterID}/rotate-secret \
  --header 'Authorization: Bearer <token>'

{
  "success": true,
  "webhook_secret": "a3f8c2e1d4b7a9f0e2c5b8d1a4f7c0e3d6b9a2f5c8e1d4b7a0f3c6e9d2b5a8f1",
  "note": "Update your webhook handler immediately — the old secret is no longer valid."
}

Authorizations

Authorization

string

header

required

Keycloak JWT. Roles: admin (platform admin — can register merchants, act on behalf of any merchant), merchant (dashboard user — scoped to their own merchant_id via user attribute mapper), POS terminals use client credentials flow with merchant_id injected via protocol mapper.

Path Parameters

counterID

string<uuid>

required

Counter ID

Response

New webhook secret generated

success

boolean

Example:

true

webhook_secret

string

New HMAC-SHA256 signing secret (64 hex chars). Store securely — shown only once.

Example:

"a3f8c2e1d4b7a9f0e2c5b8d1a4f7c0e3d6b9a2f5c8e1d4b7a0f3c6e9d2b5a8f1"

note

string

Example:

"Update your webhook handler immediately — the old secret is no longer valid."

Deactivate counter Initiate reverse QR payment (counter scan)

⌘I

Onboarding

API Reference

Payment Intents

Counters

Admin

Public

Rotate webhook secret

Authorizations

Path Parameters

Response