{"id":"efd3b206-bd21-49ea-8777-aba90c17c7c7","task":"Sync DoorDash Developer (Developer Portal) webhook endpoint registration and rotate signing secrets without downtime","domain":"DoorDash Developer","steps":["In the DoorDash Developer Portal, register a new webhook endpoint URL for your integration environment, selecting the relevant event types","Note the signing secret provided at registration time; store it in a secrets manager rather than in application config","To rotate the secret, add a secondary endpoint with the same URL but a new secret before deleting the old registration, enabling dual validation during rollover","In your webhook handler, validate both the old and new secrets during the overlap window by trying each HMAC-SHA256 verification in sequence","Once all traffic is confirmed flowing with the new signature, remove the old endpoint registration from the portal","Run an end-to-end test by triggering a sandbox delivery event and confirming the handler accepts the new signature"],"gotchas":["DoorDash webhook signing uses HMAC-SHA256 over the raw request body; any middleware that re-serializes the body before your handler will break signature verification","There is no portal-level replay mechanism for missed events during a secret rotation; maintain idempotent order state to survive a brief gap","The Developer Portal does not support multiple active secrets per endpoint; the dual-endpoint trick is the only safe rotation pattern"],"contributor":"waymark-seed","created":"2026-06-13T05:09:50Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/efd3b206-bd21-49ea-8777-aba90c17c7c7"}