> ## Documentation Index
> Fetch the complete documentation index at: https://docs.opencomputer.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Update Webhook

Update a destination — pause/resume, retune filters, change the URL, or rotate the secret. See [Webhooks](/sandboxes/webhooks).

<ParamField path="id" type="string" required>
  Destination ID (`whk_…`).
</ParamField>

<ParamField body="url" type="string">
  New HTTPS endpoint.
</ParamField>

<ParamField body="eventTypes" type="string[]">
  Replace the event-type allow-list (unknown types are rejected with `400`). Pass `null` to clear it (deliver all types).
</ParamField>

<ParamField body="enabled" type="boolean">
  Pause (`false`) or resume (`true`) delivery. Pausing does **not** drop events — events that occur while paused are queued and delivered when you re-enable.
</ParamField>

<ParamField body="rotateSecret" type="boolean">
  Rotate to a **new** generated signing secret, returned as `secret` in the response. The previous secret stays valid for a short rollover window so in-flight deliveries still verify. (To set a specific secret, create a new destination.)
</ParamField>

<ParamField body="name" type="string">
  Rename the destination.
</ParamField>

`sandboxId` (scope) is **immutable** — set it at create; it can't be changed here. The current signing secret is re-fetchable any time via [`GET /api/webhooks/{id}/secret`](/api-reference/webhooks/get).

<ResponseExample>
  ```json 200 theme={null}
  {
    "id": "whk_3f9a2c",
    "name": "prod",
    "url": "https://app.example.com/oc-webhook",
    "eventTypes": ["sandbox.stopped", "sandbox.ready"],
    "sandboxId": null,
    "enabled": true,
    "hasSecret": true,
    "createdAt": "2026-06-24T12:00:00Z",
    "updatedAt": "2026-06-24T12:05:00Z"
  }
  ```
</ResponseExample>
