PingOne Platform APIs

Update Application Secret

   

POST {{apiPath}}/environments/{{envID}}/applications/{{appID}}/secret

Use the POST {{apiPath}}/environments/{{envID}}/applications/{{appID}}/secret operation to generate a new client_secret value for the specified application resource. This request supports optional parameters in the request body to designate the replaced secret as a "previous" secret that remains valid for a specified period, up to 30 days.

Best practices

  • Do not store an application secret in applications that are publicly available.

  • For security purposes, regenerate application secrets regularly.

  • If you suspect an application secret has been compromised, generate a new application secret immediately.

Prerequisites

When you change your application’s client secret, PingOne endpoints that use the client secret to authenticate requests must change to use the updated client secret value. Secret values must be updated for /as/token, /as/introspect, /as/par, and /as/revoke requests if the associated application specifies any of these tokenEndpointAuthMethod values:

  • CLIENT_SECRET_BASIC

  • CLIENT_SECRET_POST

  • CLIENT_SECRET_JWT

In addition, you must update any login_hint_token or request objects that use the client secret as the signing key.

Headers

Authorization      Bearer {{accessToken}}

Content-Type      application/json

Body

raw ( application/json )

{
    "previous": {
        "expiresAt": "2024-01-02T13:54:34.487Z"
    }
}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{apiPath}}/environments/{{envID}}/applications/{{appID}}/secret' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
    "previous": {
        "expiresAt": "2024-01-02T13:54:34.487Z"
    }
}'
var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/applications/{{appID}}/secret")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@"    ""previous"": {" + "\n" +
@"        ""expiresAt"": ""2024-01-02T13:54:34.487Z""" + "\n" +
@"    }" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "strings"
  "net/http"
  "io"
)

func main() {

  url := "{{apiPath}}/environments/{{envID}}/applications/{{appID}}/secret"
  method := "POST"

  payload := strings.NewReader(`{
    "previous": {
        "expiresAt": "2024-01-02T13:54:34.487Z"
    }
}`)

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Content-Type", "application/json")
  req.Header.Add("Authorization", "Bearer {{accessToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
POST /environments/{{envID}}/applications/{{appID}}/secret HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}

{
    "previous": {
        "expiresAt": "2024-01-02T13:54:34.487Z"
    }
}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n    \"previous\": {\n        \"expiresAt\": \"2024-01-02T13:54:34.487Z\"\n    }\n}");
Request request = new Request.Builder()
  .url("{{apiPath}}/environments/{{envID}}/applications/{{appID}}/secret")
  .method("POST", body)
  .addHeader("Content-Type", "application/json")
  .addHeader("Authorization", "Bearer {{accessToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{apiPath}}/environments/{{envID}}/applications/{{appID}}/secret",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer {{accessToken}}"
  },
  "data": JSON.stringify({
    "previous": {
      "expiresAt": "2024-01-02T13:54:34.487Z"
    }
  }),
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'POST',
  'url': '{{apiPath}}/environments/{{envID}}/applications/{{appID}}/secret',
  'headers': {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer {{accessToken}}'
  },
  body: JSON.stringify({
    "previous": {
      "expiresAt": "2024-01-02T13:54:34.487Z"
    }
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests
import json

url = "{{apiPath}}/environments/{{envID}}/applications/{{appID}}/secret"

payload = json.dumps({
  "previous": {
    "expiresAt": "2024-01-02T13:54:34.487Z"
  }
})
headers = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{accessToken}}'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/applications/{{appID}}/secret');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Content-Type' => 'application/json',
  'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n    "previous": {\n        "expiresAt": "2024-01-02T13:54:34.487Z"\n    }\n}');
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "json"
require "net/http"

url = URI("{{apiPath}}/environments/{{envID}}/applications/{{appID}}/secret")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
  "previous": {
    "expiresAt": "2024-01-02T13:54:34.487Z"
  }
})

response = http.request(request)
puts response.read_body
let parameters = "{\n    \"previous\": {\n        \"expiresAt\": \"2024-01-02T13:54:34.487Z\"\n    }\n}"
let postData = parameters.data(using: .utf8)

var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/applications/{{appID}}/secret")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")

request.httpMethod = "POST"
request.httpBody = postData

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

200 OK

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/48567a65-8f00-4630-b8b0-2c02ce94168a/secret"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
        },
        "application": {
            "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/applications/48567a65-8f00-4630-b8b0-2c02ce94168a"
        }
    },
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "secret": "vgUZQTEvg0Zzq6WxM73UN.TD",
    "previous": {
        "secret": "9ZZd0Ih4ApbuIXvJtgRw",
        "expiresAt": "2024-01-02T13:54:34.487Z"
    }
}