Qodex.ai

Create Resource Client Secret

POST {{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/secret

The POST /environments/{{environmentID}}/resources/{{resourceID}}/secret operation generates a new resource client secret. Any non-custom resources will return a 404 response.

This request supports optional parameters in the request body to designate the replaced secret as a previous secret that remains valid for a specified period, up to 30 days.

Best practices

  • Do not store a resource's client secret in applications that are publicly available.

  • For security purposes, regenerate client secrets regularly.

  • If you suspect a resource's client secret has been compromised, generate a new client secret immediately.

Prerequisites

Important: When you change your resource's secret, PingOne endpoints that use the resource secret to authenticate requests must change to use the updated resource secret value. Secret values must be updated for /as/token, /as/introspect, /as/par, and /as/revoke requests if the associated application specifies any of these tokenEndpointAuthMethod values:

  • CLIENT_SECRET_BASIC

  • CLIENT_SECRET_POST

  • CLIENT_SECRET_JWT

In addition, you must update any login_hint_token or request objects that use the resource client secret as the signing key.

Request Body

{"previous"=>{"expiresAt"=>"2024-01-02T13:54:34.487Z"}}

RESPONSES

status: OK

{"_links":{"self":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/resources/4ae5e950-6cf5-4109-87de-ccadd1363c13/secret"},"environment":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"},"resource":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/resources/4ae5e950-6cf5-4109-87de-ccadd1363c13"}},"environment":{"id":"abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"},"secret":"zaopVd.XwHcgm_Lf4Eo","previous":{"secret":"5t_pCSKzwlA.31jkP","expiresAt":"2024-01-02T13:54:34.487Z"}}