/config/{app_id}/clients/{client_id}/secret

Client secrets serve as the password for API clients. For example, to call a REST API you must supply both the client ID (effectively the client "username") and the client secret. Client secrets are meant to be just that: secret. If you believe a client secret has been compromised, you can use the /config/{app_id}/clients/{client_id}/secret endpoint to generate a new client secret. That's a process roughly equivalent to resetting your password.

This endpoint includes the following methods:

  • PUT


PUT

Description

Resets the client secret for an API client. The client secret, for our purposes, is the password for the API client, and should be reset if you believe this secret has been exposed to unauthorized users, if a user who had access to the secret has left your organization, and so on. 

When resetting a client secret, the request body of your API call must include the hoursToLive property. When you reset a client secret, the new secret takes effect immediately; at the same time, you can allow the old secret to remain in effect for as long as one week (168 hours). (That means that, for the specified amount of time, the API client will have two valid secrets: the old secret and the new secret.) The specified amount of time is dictated by the hoursToLive property, which can be set to any integer value between 0 hours and 168 hours, inclusive. Setting hoursToLive to 0 causes the old secret to expire as soon as the new secret takes effect.

Your API call must have the owner permission in order to reset a client secret.

Authentication

This endpoint supports Basic authentication. 

How to Create an Authentication String

Base URL

The base URL for this endpoint is your Janrain Configuration API domain followed by /config/ followed by your application ID. For example, if you are in the US region and your application ID is htb8fuhxnf8e38jrzub3c7pfrr, then your base URL would be:


https://v1.api.us.janrain.com/config/htb8fuhxnf8e38jrzub3c7pfrr        

Allowed regions are:

  • us 
  • eu 
  • au 
  • sa 
  • cn
  • sg

Sample Request (curl)

This command resets the client secret for the API client with the client ID nmub5w3rru9k6rzupqaeb7bbwv6jn658. In addition, it sets the hoursToLive property to 4 hours:


curl -X PUT \
  https://api.datateam.dev.or.janrain.com/config/73jzx34tnr5ruhsze494ssgz2b/clients/nmub5w3rru9k6rzupqaeb7bbwv6jn658/secret \
  -H 'Authorization: Basic aW1fYV...NfbXk=' \
  -H 'Content-Type: application/json' \
  -d '{
     "hoursToLive": "4"
  }'



Responses

200 OK

If the client secret is successfully reset, the new secret will be displayed onscreen:


{
   "secret": "gd98kuyeg4xegv9t5es72x8r374nhgf"
}

Error Codes

The following table includes information about some of the error codes that you could encounter when calling this endpoint.

| Error Code | Description |
|---|---|
| 400 | Error Message: Missing data for required field. You failed to include the hoursToLive property. |
| 400 | Error Message: Must be between 0 and 168. The hoursToLive property must be set to an integer value between 0 and 168, inclusive. |
| 401/403 | Error Message: Authentication required. You either failed to provide credentials or provided invalid credentials. This endpoint requires Basic authentication. |
| 404 | Error Message: Client ID not found. Error Message: Application ID not found. You did not provide a valid application and/or client ID. |

If you encounter an error when calling this endpoint, that error message will look similar to this:


{
   "errors": "Authentication required."
}
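The reset call described on this page, as an added Python example (not Janrain's own code): it enforces the 0 to 168 hoursToLive rule before sending, builds the PUT with Basic authentication, and maps the 200 and error bodies shown above. Assumptions: the host pattern is generalised from the US example, the Basic credentials are the owner client's ID and secret, and the environment variable names JANRAIN_OWNER_ID and JANRAIN_OWNER_SECRET are hypothetical.

```python
import base64, json, os, urllib.error, urllib.request
from urllib.parse import quote

REGIONS = {"us", "eu", "au", "sa", "cn", "sg"}  # regions listed on this page

def build_reset_request(region, app_id, client_id, hours_to_live, auth_id, auth_secret):
    """Build (without sending) the PUT that resets client_id's secret."""
    if region not in REGIONS:
        raise ValueError(f"unknown region: {region!r}")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(hours_to_live, bool) or not isinstance(hours_to_live, int):
        raise ValueError("hoursToLive must be an integer")
    if not 0 <= hours_to_live <= 168:
        raise ValueError("hoursToLive must be between 0 and 168")
    # Assumption: host pattern generalised from the page's US example.
    url = (f"https://v1.api.{region}.janrain.com/config/{quote(app_id, safe='')}"
           f"/clients/{quote(client_id, safe='')}/secret")
    # Assumption: Basic credentials are the owner client's ID and secret.
    token = base64.b64encode(f"{auth_id}:{auth_secret}".encode()).decode()
    # Assumption: value sent as a JSON integer (the curl sample quotes it).
    body = json.dumps({"hoursToLive": hours_to_live}).encode()
    return urllib.request.Request(url, data=body, method="PUT", headers={
        "Authorization": f"Basic {token}", "Content-Type": "application/json"})

def parse_reset_response(status, body):
    """Return the new secret on 200; otherwise raise with the API's error text."""
    doc = json.loads(body)
    if status == 200 and isinstance(doc.get("secret"), str):
        return doc["secret"]
    raise RuntimeError(f"reset failed ({status}): {doc.get('errors', 'unknown error')}")

def reset_secret(region, app_id, client_id, hours_to_live):
    """Send the reset. Credentials come from the environment, not argv, and the
    returned secret is handed to the caller rather than printed or logged."""
    req = build_reset_request(region, app_id, client_id, hours_to_live,
                              os.environ["JANRAIN_OWNER_ID"],      # hypothetical name
                              os.environ["JANRAIN_OWNER_SECRET"])  # hypothetical name
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return parse_reset_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return parse_reset_response(err.code, err.read())
```

Passing 0 for hours_to_live revokes the old secret immediately, which suits a suspected compromise; a non-zero window keeps both secrets valid while dependent services are updated.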