question

automation-usa avatar image
automation-usa asked automation-usa commented

Expiring a Production App Secret?

Is it possible to expire and generate a new app secret for a REST API app that is already in production, or is this one of those "immutable" properties?
topic-default
1 |1000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

4 Answers

·
benjamin-dean avatar image
benjamin-dean answered
App Secrets cannot be regenerated. You can create a new application if needed.

Regardless, if you are concerned that your App Key and/or App Secret have been attacked or lost, you should immediately suspend that application in the developer portal and then create a new application.
1 |1000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

automation-usa avatar image
automation-usa answered
Thanks Benjamin.

Don't suspect that, however I wanted to know if at least the App Secret portion could be easily refreshed to help safeguard an application. Other APIs provide that functionality that's why I asked.

Our application is under regular use by customers so it is not something that we could easily suspend and re-create...

That brings me to another important question regarding app versioning. Do we have to go thru app approval process all over again even if it's a minor change such as the redirect uri property?

1 |1000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

anton-nikitin avatar image
anton-nikitin answered automation-usa commented
I think we can create new app key and secret upon request and delete old one. But we cannot update a secret for the same key.

Regarding your second question. Yes, we can apply minor changes to your app upon your  request without re-graduation. You can contact developers support for it privately.
3 comments
1 |1000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

automation-usa avatar image automation-usa commented ·
Hi Anton, 

So we an avoid re-graduation, I'd like to request that Developer Support add the following OAuth Redirects to our production app  (right our app has no redirects):

App Name
RC2FM Connector

redirects
https://service.rc2fm.com/auth_response.php

https://staging.rc2fm.com/auth_response.php

Thanks

PS. Is there a way to constrain redirects to Sandbox or Production use only?
0 Likes 0 ·
anton-nikitin avatar image anton-nikitin commented ·
I have made these changes - should be enabled in Production within 10 minutes. Regading your question: no, redirect URIs now work for all keys.
0 Likes 0 ·
automation-usa avatar image automation-usa commented ·
Thanks Anton
0 Likes 0 ·
automation-usa avatar image
automation-usa answered
Thanks Anton. I appreciate the facts that your apps are carefully curated, it helps protect everyone involved and insures a better outcome.

Having said that, I think some minor things could be submitted by the developer and then reviewed and approved by you without re-graduation.

I will post a request for redirect uri's soon.
1 |1000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.