Rotating Client Secret Key

This feature allows you to generate a new secret key in case your API credentials have been exposed.

API credentials should be changed regularly, because:

  • Employees leave

  • API credentials can be accidentally committed to version control

  • Wide-reaching security flaws can be discovered

While these situations pose security risks, they can be handled by rotating the API credentials of your app.

Before you start

  • You should have a configured app.

How it works

  1. Log in to the partner dashboard.

  2. Go to App. All your created apps will be visible on this page.

  3. Select the app.

  4. You will be directed to the App Settings page.

  5. Click on the app information tab.

  6. In the app credentials section, click on Generate new secret.

  7. If your app uses webhooks, configure it to accept both webhooks signed with the new secret key and webhooks signed with the old secret key until after you revoke the old secret.

  8. Configure your app to use only the new secret key for OAuth Authentication.

  9. Create new access tokens.

  10. Revoke the old secret key.
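
The dual-secret webhook check from step 7, as an added example that is not the platform's own code. It assumes webhooks carry a hex HMAC-SHA256 of the raw request body, which this page does not specify; the secrets, function names and sample payload are constructed.

```python
import hashlib
import hmac

# Constructed sample secrets; a real app would load these from its secret store.
NEW_SECRET = b"constructed-new-secret"
OLD_SECRET = b"constructed-old-secret"


def sign(secret, body):
    """Assumed scheme (not stated on this page): hex HMAC-SHA256 of the raw body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def active_secrets(old_revoked):
    """Secrets the receiver trusts: both during rotation, only the new one after step 10."""
    secrets = [("new", NEW_SECRET)]
    if not old_revoked:
        secrets.append(("old", OLD_SECRET))
    return secrets


def verify_webhook(body, signature, secrets):
    """Return the label of the secret that validates the signature, or None.

    Each candidate is compared in constant time and the loop never exits early.
    The returned label can be logged to see whether deliveries signed with the
    old secret are still arriving before it is revoked.
    """
    matched = None
    for label, secret in secrets:
        expected = sign(secret, body).encode()
        if hmac.compare_digest(expected, signature.encode()) and matched is None:
            matched = label
    return matched


if __name__ == "__main__":
    body = b'{"event": "constructed.sample"}'  # constructed payload
    for sig_secret in (NEW_SECRET, OLD_SECRET):
        print(verify_webhook(body, sign(sig_secret, body), active_secrets(False)))
    print(verify_webhook(body, sign(OLD_SECRET, body), active_secrets(True)))
```

Verify against the request body bytes exactly as received, before any JSON parsing or re-serialization.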

In the case of a serious security breach, you should immediately revoke your compromised API credentials before you generate new ones. 
