Client secrets serve as the password for API clients. For example, to call a REST API you must supply both the client ID (effectively the client "username") and the client secret. Client secrets are meant to be just that: secret. If you believe a client secret has been compromised, you can use the /config/{app_id}/clients/{client_id}/secret endpoint to generate a new client secret. That's a process roughly equivalent to resetting your password.

This endpoint includes the following methods:

  • PUT



Resets the client secret for an API client. The client secret, for our purposes, is the password for the API client, and should be reset if you believe this secret has been exposed to unauthorized users, if a user who had access to the secret has left your organization, and so on. 

When resetting a client secret, the request body of your API call must include the hoursToLive property. When you reset a client secret, the new secret takes effect immediately; at the same time, you can allow the old secret to remain in effect for as long as one week (168 hours). (That means that, for the specified amount of time, the API client will have two valid secrets: the old secret and the new secret.) The specified amount of time is dictated by the hoursToLive property, which can be set to any integer value between 0 hours and 168 hours, inclusive. Setting hoursToLive to 0 causes the old secret to expire as soon as the new secret takes effect.

Your API call must have the owner permission in order to reset a client secret.


This endpoint supports Basic authentication. To create an authentication string, combine your API client ID, a colon (:), and your client secret into a single value. For example, if your client ID is abcdefg and your client secret is hijklmnop, that value would look like this:


Next, take the string and base64 encode it.

For example, on a Mac, you can base encode the string using this command:

echo -n "abcdefg:hijklmnop" | base64

If you’re running Microsoft Windows, you can encode the string by using a Windows PowerShell command similar to this:


The resulting value (e.g., YWJjZGVmZzpoaWprbG1ub3A=) should be used in your authentication header.

If you are making API calls using Postman, select Basic Auth as your identification type, then use the client ID as the username and the client secret as the password.

Make sure that your API client has the all the permissions (for example, the right to read user profile information) needed to complete the API call.

Base URL

The base URL for this endpoint is your Janrain Configuration API domain followed by /config/ followed by your application ID. For example, if you are in the US region and your application ID is htb8fuhxnf8e38jrzub3c7pfrr, then your base URL would be:


Allowed regions are:

  • us 
  • eu 
  • au 
  • sa 
  • cn

Sample Request (curl)

This command resets the client secret for the API client with the client ID nmub5w3rru9k6rzupqaeb7bbwv6jn658. In addition, it sets the hoursToLive property to 4 hours:

curl -X PUT \
 https://api.datateam.dev.or.janrain.com/config/73jzx34tnr5ruhsze494ssgz2b/clients/3bchk5hsx6v58dkn288nbybmxfyk32u7/secret \
  -H 'Authorization: Basic aW1fYV...NfbXk=' \
  -H 'Content-Type: application/json' \
  -d '{    
     "hoursToLive": "4"

Running Code Samples Using Postman

The Janrain REST API code samples are written using Curl, but they can easily be run from within Postman. To use one of our code samples in Postman:

  1. Click the Copy to Clipboard button located directly beneath the code sample
  2. In Postman, click Import to display the Import dialog box.
  3. In the Import dialog box, click Paste Raw Text, and then paste in the copied code. The Import dialog box should look similar to this:

  4. Click Import, and the Curl command will be converted to a format that can be run from within Postman. All you need to do now is configure the command to work with your Janrain implementation.


200 OK

If the client secret is successfully reset, the new secret will be displayed onscreen:

   "secret": "gd98kuyeg4xegv9t5es72x8r374nhgf"

Error Codes

The following table includes information about some of the error codes that you could encounter when calling this endpoint.

Error Code



Error Message: Missing data for required field.

You failed to include hoursToLive property.


Error Message: Must be between 0 and 168.

The hoursToLive property must be set to an integer value between 0 and 168, inclusive.


Error Message: Authentication required.

You either failed to provide credentials or provided invalid credentials. This endpoint requires Basic authentication.


Error Message: Client ID not found.
Error Message: Application ID not found.

You did not provide a valid application and/or client ID.

If you encounter an error when calling this endpoint that error message will look similar to this:

   "errors": "Authentication required."