5.8 Secret Rotation
Coordinate HMAC secret rotation between Payblr and your system. To avoid downtime, your system should temporarily accept both the current secret and the new secret during the rotation window.
- Create a new secret value and store it securely on both sides.
- Configure your system to temporarily accept both the current and new secret.
- Coordinate with Payblr to update the active HMAC signing secret.
- Allow for the agreed transition window before removing the old secret.
- Default Payblr cache TTL is 300 seconds.
- Confirm that your system receives valid signatures with the new secret.
- Remove the old secret from verification after successful rotation.
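The receiving side of the steps above, as an added example (not Payblr's code). It assumes HMAC-SHA256 over the raw request body with a hex-encoded signature, which this page does not specify. The class and function names are hypothetical, and the window defaults to the 300-second cache TTL.

```python
import hashlib
import hmac


def sign(secret: bytes, body: bytes) -> str:
    # Assumption: HMAC-SHA256, hex-encoded. Use the scheme agreed with Payblr.
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


class RotatingVerifier:
    """Accepts the current secret, plus the new one while a rotation is open."""

    def __init__(self, current: bytes):
        self.current = current
        self.new = None          # set only during the rotation window
        self.started = None
        self.window = 0.0
        self.seen_new = False    # has a signature made with the new secret arrived?

    def begin_rotation(self, new: bytes, now: float, window: float = 300.0):
        if hmac.compare_digest(new, self.current):
            raise ValueError("new secret must differ from the current secret")
        self.new, self.started, self.window = new, now, window
        self.seen_new = False

    def verify(self, body: bytes, signature: str):
        """Return 'current', 'new', or None when no accepted secret matches."""
        matched = None
        presented = signature.encode()
        for label, secret in (("current", self.current), ("new", self.new)):
            if secret is None:
                continue
            # Constant-time comparison; both candidates are always evaluated.
            if hmac.compare_digest(sign(secret, body).encode(), presented):
                matched = label
        if matched == "new":
            self.seen_new = True
        return matched

    def finish_rotation(self, now: float):
        """Drop the old secret only after the window and a confirmed new signature."""
        if self.new is None:
            raise RuntimeError("no rotation in progress")
        if now - self.started < self.window:
            raise RuntimeError("transition window still open")
        if not self.seen_new:
            raise RuntimeError("no valid signature seen with the new secret")
        self.current, self.new, self.started = self.new, None, None
```

Logging the label returned by `verify` shows when traffic has moved to the new secret, which is the confirmation step before removal.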