Webhook Signature Key Rotation Policy Updated
Stricter key rotation windows and clearer operator notifications for signed callbacks.
Webhook signing keys now follow a tighter rotation window with overlapping validity periods to reduce operational risk.
Operators receive pre-rotation notices and can validate signatures using dual-key verification during transition windows.
This update improves resilience without introducing integration downtime for existing callback consumers.