FlowRelay Docs Shopify Flow
Website → Start setup →
All docs pages

START

USE CASES

SET UP

OPERATE

RECOVER

AGENT ACCESS

REFERENCE

Setup

Rotate credentials

Rotate an endpoint secret deliberately. FlowRelay shows the new full secret once and never reveals the previous full secret.

Next step Read Send your first test event.

Steps

Complete these in order.

  1. 01Open the endpoint detail page for the sender that needs a new secret.
  2. 02Confirm the sender owner is ready to update their private configuration immediately after rotation.
  3. 03Rotate the endpoint secret in FlowRelay and copy the new value only into the sender's private secret manager.
  4. 04Confirm the sender no longer uses the previous secret because the old value stops working after rotation.
  5. 05Send one synthetic test event and open the receipt to confirm authentication succeeds.
  6. 06Share only the receipt outcome or diagnostics package if troubleshooting is needed. Do not paste the new secret, old secret, full auth header, or signature into support.

When to rotate #

Rotate when a secret may have been exposed, a partner no longer needs access, a sender changes ownership, or an operator wants a clean credential handoff.

What changes #

The endpoint URL stays the same. The endpoint secret changes, the new value is shown once, and later screens show only safe secret metadata such as the last four characters.

Agent boundary #

An authorized agent may prepare or execute a rotation only when the grant includes the required scope. It still cannot retrieve old secrets, Shopify tokens, session data, raw payloads, or database credentials.