Secrets
- Last Updated: Jan 20, 2023
Secrets are used to authenticate both client credential clients and hybrid clients. A secret either has an expiration date or is created to never expire. We advise against creating secrets that do not expire. After a secret expires, it can no longer be used to authenticate the client. While a secret is still valid, any access token issued will be active until the token itself expires. The same applies to refresh tokens, which are issued to hybrid clients.
Safe storage of secrets is your responsibility. The platform does not store secret values, so once a secret value is lost, there is no way to retrieve it.
List Client Credential Client Secrets
Returns all secrets for a client credential client. The total number of secrets in the client is set in the Total-Count header.
Request
GET /api/v1/Tenants/{tenantId}/ClientCredentialClients/{clientId}/Secrets
?query={query}&skip={skip}&count={count}
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
[optional] string query
(Not supported) Search string identifier.
[optional] integer skip
Parameter representing the zero-based offset of the first object to retrieve. If unspecified, a default value of 0 is used.
[optional] integer count
Parameter representing the maximum number of objects to retrieve. If unspecified, a default value of 100 is used.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | ClientSecret[] | List of secret information corresponding to the specified client credential client |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Client or tenant not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (ClientSecret[])
[
  {
    "Expiration": "2019-08-24T14:15:22Z",
    "Expires": true,
    "Description": "string",
    "Id": 0
  }
]
Authorization
Allowed for these roles:
- Self
- Tenant Administrator
Get Total Count of Client Credential Client Secrets
Returns the total number of secrets in a client credential client. The value will be set in the Total-Count header. This method is identical to the GET method, but it does not return any objects in the body.
Request
HEAD /api/v1/Tenants/{tenantId}/ClientCredentialClients/{clientId}/Secrets
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | None | Client credential client secret header information |
| 401 | None | Unauthorized. |
| 403 | None | Forbidden. |
| 404 | None | Client or tenant not found |
| 500 | None | Internal server error. |
Authorization
Allowed for these roles:
- Self
- Tenant Administrator
Add Client Credential Client Secret
Adds a new secret to a client credential client. A client can have a maximum of 10 secrets. We advise against creating secrets that do not expire.
Request
POST /api/v1/Tenants/{tenantId}/ClientCredentialClients/{clientId}/Secrets
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
Request Body
ClientSecretCreateOrUpdate object.
{
  "Expiration": "2019-08-24T14:15:22Z",
  "Expires": true,
  "Description": "string"
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 201 | ClientSecretResponse | Information about the created secret |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Client or tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Example response body
201 Response (ClientSecretResponse)
{
  "Id": 0,
  "Expiration": "2019-08-24T14:15:22Z",
  "Expires": true,
  "Description": "string",
  "Secret": "string"
}
Authorization
Allowed for these roles:
- Self
- Tenant Administrator
Get Client Credential Client Secret
Returns a client credential client secret.
Request
GET /api/v1/Tenants/{tenantId}/ClientCredentialClients/{clientId}/Secrets/{secretId}
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
integer secretId
Secret identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | ClientSecret | Information about the specified secret |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Secret, client, or tenant not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (ClientSecret)
{
  "Expiration": "2019-08-24T14:15:22Z",
  "Expires": true,
  "Description": "string",
  "Id": 0
}
Authorization
Allowed for these roles:
- Self
- Tenant Administrator
Get Header for Client Credential Client Secret
Validates that a secret with a given unique identifier exists in the client. This method is identical to the GET method, but it does not return any objects in the body.
Request
HEAD /api/v1/Tenants/{tenantId}/ClientCredentialClients/{clientId}/Secrets/{secretId}
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
integer secretId
Secret identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | None | Header for specified client secret |
| 401 | None | Unauthorized. |
| 403 | None | Forbidden. |
| 404 | None | Secret, client, or tenant not found |
| 500 | None | Internal server error. |
Authorization
Allowed for these roles:
- Self
- Tenant Administrator
Update Client Credential Client Secret
Updates a client credential client secret. It can take up to one hour for the update to manifest in the authentication process.
Request
PUT /api/v1/Tenants/{tenantId}/ClientCredentialClients/{clientId}/Secrets/{secretId}
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
integer secretId
Secret identifier.
Request Body
ClientSecretCreateOrUpdate object. Properties that are not set or are null will not be changed.
{
  "Expiration": "2019-08-24T14:15:22Z",
  "Expires": true,
  "Description": "string"
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | ClientSecret | Information about the updated secret |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Secret, client, or tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (ClientSecret)
{
  "Expiration": "2019-08-24T14:15:22Z",
  "Expires": true,
  "Description": "string",
  "Id": 0
}
Authorization
Allowed for these roles:
- Tenant Administrator
Delete Client Credential Client Secret
Deletes a secret from a client credential client. It can take up to one hour for deletion to manifest in the authentication process. Access tokens issued using this secret will be valid until their expiration.
Request
DELETE /api/v1/Tenants/{tenantId}/ClientCredentialClients/{clientId}/Secrets/{secretId}
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
integer secretId
Secret identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 204 | None | No content |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Secret, client, or tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Authorization
Allowed for these roles:
- Self
- Tenant Administrator
List Hybrid Client Secrets
Returns all secrets for a hybrid client. The total number of secrets in the client is set in the Total-Count header.
Request
GET /api/v1/Tenants/{tenantId}/HybridClients/{clientId}/Secrets
?query={query}&skip={skip}&count={count}
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
[optional] string query
(Not supported) Search string identifier.
[optional] integer skip
Parameter representing the zero-based offset of the first object to retrieve. If unspecified, a default value of 0 is used.
[optional] integer count
Parameter representing the maximum number of objects to retrieve. If unspecified, a default value of 100 is used.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | ClientSecret[] | List of secret information corresponding to the specified hybrid client |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Client or tenant not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (ClientSecret[])
[
  {
    "Expiration": "2019-08-24T14:15:22Z",
    "Expires": true,
    "Description": "string",
    "Id": 0
  }
]
Authorization
Allowed for these roles:
- Tenant Administrator
Get Total Count of Hybrid Client Secrets
Returns the total number of secrets in a hybrid client. The value will be set in the Total-Count header. This method is identical to the GET method, but it does not return any objects in the body.
Request
HEAD /api/v1/Tenants/{tenantId}/HybridClients/{clientId}/Secrets
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | None | Headers for hybrid client secret |
| 401 | None | Unauthorized. |
| 403 | None | Forbidden. |
| 404 | None | Client or tenant not found |
| 500 | None | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Administrator
Add Hybrid Client Secret
Adds a new secret to a hybrid client. A client can have a maximum of 10 secrets. We advise against creating secrets that do not expire.
Request
POST /api/v1/Tenants/{tenantId}/HybridClients/{clientId}/Secrets
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
Request Body
ClientSecretCreateOrUpdate object.
{
  "Expiration": "2019-08-24T14:15:22Z",
  "Expires": true,
  "Description": "string"
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 201 | ClientSecretResponse | Information about created hybrid client secret |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Client or tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Example response body
201 Response (ClientSecretResponse)
{
  "Id": 0,
  "Expiration": "2019-08-24T14:15:22Z",
  "Expires": true,
  "Description": "string",
  "Secret": "string"
}
Authorization
Allowed for these roles:
- Tenant Administrator
Get Hybrid Client Secret
Returns a hybrid client secret.
Request
GET /api/v1/Tenants/{tenantId}/HybridClients/{clientId}/Secrets/{secretId}
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
integer secretId
Secret identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | ClientSecret | Information about specified hybrid client secret |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Secret, client, or tenant not found |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (ClientSecret)
{
  "Expiration": "2019-08-24T14:15:22Z",
  "Expires": true,
  "Description": "string",
  "Id": 0
}
Authorization
Allowed for these roles:
- Tenant Administrator
Get Header for Hybrid Client Secret
Validates that a secret with a given unique identifier exists in the client. This method is identical to the GET method, but it does not return any objects in the body.
Request
HEAD /api/v1/Tenants/{tenantId}/HybridClients/{clientId}/Secrets/{secretId}
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
integer secretId
Secret identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | None | Header for hybrid client secret |
| 401 | None | Unauthorized. |
| 403 | None | Forbidden. |
| 404 | None | Secret, client, or tenant not found |
| 500 | None | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Administrator
Update Hybrid Client Secret
Updates a hybrid client secret. It can take up to one hour for the update to manifest in the authentication process.
Request
PUT /api/v1/Tenants/{tenantId}/HybridClients/{clientId}/Secrets/{secretId}
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
integer secretId
Secret identifier.
Request Body
ClientSecretCreateOrUpdate object. Properties that are not set or are null will not be changed.
{
  "Expiration": "2019-08-24T14:15:22Z",
  "Expires": true,
  "Description": "string"
}
Response
| Status Code | Body Type | Description |
|---|---|---|
| 200 | ClientSecret | Information about updated hybrid client secret |
| 400 | ErrorResponse | Missing or invalid inputs. |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Secret, client, or tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Example response body
200 Response (ClientSecret)
{
  "Expiration": "2019-08-24T14:15:22Z",
  "Expires": true,
  "Description": "string",
  "Id": 0
}
Authorization
Allowed for these roles:
- Tenant Administrator
Delete Hybrid Client Secret
Deletes a secret from a hybrid client. It can take up to one hour for deletion to manifest in the authentication process. Access tokens issued using this secret will be valid until their expiration.
Request
DELETE /api/v1/Tenants/{tenantId}/HybridClients/{clientId}/Secrets/{secretId}
Parameters
string tenantId
Tenant identifier.
string clientId
Client identifier.
integer secretId
Secret identifier.
Response
| Status Code | Body Type | Description |
|---|---|---|
| 204 | None | No content |
| 401 | ErrorResponse | Unauthorized. |
| 403 | ErrorResponse | Forbidden. |
| 404 | ErrorResponse | Secret, client, or tenant not found |
| 408 | ErrorResponse | Operation timed out. |
| 500 | ErrorResponse | Internal server error. |
Authorization
Allowed for these roles:
- Tenant Administrator
Definitions
ClientSecret
Client secret object
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Expiration | date-time | false | true | Expiration date for the client secret. Will be null if the secret does not expire. |
| Expires | boolean | false | true | Value indicating whether the secret expires. Defaults to true. If Expires is set to true (or null) and expiration is not null, expiration of this secret will be enforced. If Expires is set to true (or null) and expiration is null, a 400 error will be returned. If Expires is set to false and expiration is not null, a 400 error will be returned. If Expires is set to false and expiration is null, there will be no expiration of this secret. |
| Description | string | false | true | Description for the client secret. We suggest being as descriptive as possible. This field will make identifying secrets easier. |
| Id | int32 | false | false | Identifier of this client secret |
{
  "Expiration": "2019-08-24T14:15:22Z",
  "Expires": true,
  "Description": "string",
  "Id": 0
}
ErrorResponse
Object returned whenever there is an error
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| OperationId | string | true | false | Operation identifier of action that caused the error |
| Error | string | true | false | Error description |
| Reason | string | true | false | Reason for the error |
| Resolution | string | true | false | Resolution to resolve the error |
| DynamicProperties | object | false | true | Additional properties |
{
  "OperationId": "string",
  "Error": "string",
  "Reason": "string",
  "Resolution": "string",
  "DynamicProperties": {
    "property1": null,
    "property2": null
  },
  "property1": null,
  "property2": null
}
ClientSecretResponse
Object returned after a client secret is created
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Id | int32 | false | false | Identifier of this client secret |
| Expiration | date-time | false | true | Expiration date for the client secret. Will be null if the secret does not expire. |
| Expires | boolean | false | true | Value indicating whether the secret expires. Defaults to true. If Expires is set to true (or null) and expiration is not null, expiration of this secret will be enforced. If Expires is set to true (or null) and expiration is null, a 400 error will be returned. If Expires is set to false and expiration is not null, a 400 error will be returned. If Expires is set to false and expiration is null, there will be no expiration of this secret. |
| Description | string | false | true | Description for the client secret. We suggest being as descriptive as possible. This field will make identifying secrets easier. |
| Secret | string | false | true | Client secret |
{
  "Id": 0,
  "Expiration": "2019-08-24T14:15:22Z",
  "Expires": true,
  "Description": "string",
  "Secret": "string"
}
ClientSecretCreateOrUpdate
Object to write a client secret
Properties
| Property Name | Data Type | Required | Nullable | Description |
|---|---|---|---|---|
| Expiration | date-time | false | true | Expiration date for the client secret. Will be null if the secret does not expire. |
| Expires | boolean | false | true | Value indicating whether the secret expires. Defaults to true. If Expires is set to true (or null) and expiration is not null, expiration of this secret will be enforced. If Expires is set to true (or null) and expiration is null, a 400 error will be returned. If Expires is set to false and expiration is not null, a 400 error will be returned. If Expires is set to false and expiration is null, there will be no expiration of this secret. |
| Description | string | false | true | Description for the client secret. We suggest being as descriptive as possible. This field will make identifying secrets easier. |
{
  "Expiration": "2019-08-24T14:15:22Z",
  "Expires": true,
  "Description": "string"
}
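An added example, not part of the original reference: a client-side check that applies the Expires/Expiration rules from the definitions above and audits a ClientSecret[] list response for secrets that never expire, have expired, or expire soon. The function names, the 30-day warning window and the sample data are assumptions, as is the choice to count every listed secret toward the 10-secret cap.

```python
from datetime import datetime, timedelta, timezone

MAX_SECRETS = 10  # per-client cap stated on this page

def parse_ts(value):
    """Parse the API's ISO 8601 timestamps, e.g. 2019-08-24T14:15:22Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_body(body):
    """Return None if the Expires/Expiration pair is accepted, else why the API returns 400."""
    expires = True if body.get("Expires") is None else body["Expires"]  # null defaults to true
    has_date = body.get("Expiration") is not None
    if expires and not has_date:
        return "Expires is true (or null) but Expiration is null"
    if not expires and has_date:
        return "Expires is false but Expiration is not null"
    return None

def audit(secrets, now, warn_days=30):
    """Classify each ClientSecret in a list response by its expiry state."""
    report = {"never_expires": [], "expired": [], "expiring_soon": [], "ok": []}
    for s in secrets:
        if s.get("Expiration") is None:  # null Expiration means the secret does not expire
            report["never_expires"].append(s["Id"])
            continue
        exp = parse_ts(s["Expiration"])
        if exp <= now:
            report["expired"].append(s["Id"])
        elif exp - now <= timedelta(days=warn_days):
            report["expiring_soon"].append(s["Id"])
        else:
            report["ok"].append(s["Id"])
    report["can_add"] = len(secrets) < MAX_SECRETS  # room for a replacement secret?
    return report

def replacement_body(now, lifetime_days, description):
    """Build a ClientSecretCreateOrUpdate body for an expiring replacement secret."""
    exp = (now + timedelta(days=lifetime_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    body = {"Expiration": exp, "Expires": True, "Description": description}
    reason = check_body(body)
    if reason:
        raise ValueError(reason)
    return body

# Constructed sample of a ClientSecret[] list response (not real data).
SAMPLE = [
    {"Id": 1, "Expires": False, "Expiration": None, "Description": "legacy"},
    {"Id": 2, "Expires": True, "Expiration": "2023-01-01T00:00:00Z", "Description": "old"},
    {"Id": 3, "Expires": True, "Expiration": "2023-02-10T00:00:00Z", "Description": "ci"},
    {"Id": 4, "Expires": True, "Expiration": "2024-01-20T00:00:00Z", "Description": "prod"},
]
NOW = datetime(2023, 1, 20, tzinfo=timezone.utc)
```

When acting on the report, delete a superseded secret only after its replacement is in use, since a deletion can take up to one hour to manifest in the authentication process and access tokens issued with the deleted secret stay valid until they expire.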