Create Resource Client Secret
POST {{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/secretThe POST {{apiPath}}/environments/{{environmentID}}/resources/{{resourceID}}/secret operation generates a new resource client secret. Any non-custom resources will return a 404 response.
This request supports optional parameters in the request body to designate the replaced secret as a "previous" secret that remains valid for a specified period, up to 30 days.
Best practices
-
Do not store a resource’s client secret in applications that are publicly available.
-
For security purposes, regenerate client secrets regularly.
-
If you suspect a resource’s client secret has been compromised, generate a new client secret immediately.
Prerequisites
-
Refer to Resources for important overview information.
-
Create a resource to get a
{{resourceID}}for the endpoint.
|
When you change your resource’s secret, PingOne endpoints that use the resource secret to authenticate requests must change to use the updated resource secret value. Secret values must be updated for
In addition, you must update any |
Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/secret' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"previous": {
"expiresAt": "2024-01-02T13:54:34.487Z"
}
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/secret")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""previous"": {" + "\n" +
@" ""expiresAt"": ""2024-01-02T13:54:34.487Z""" + "\n" +
@" }" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/secret"
method := "POST"
payload := strings.NewReader(`{
"previous": {
"expiresAt": "2024-01-02T13:54:34.487Z"
}
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /environments/{{envID}}/resources/{{resourceID}}/secret HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"previous": {
"expiresAt": "2024-01-02T13:54:34.487Z"
}
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"previous\": {\n \"expiresAt\": \"2024-01-02T13:54:34.487Z\"\n }\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/secret")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/secret",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"previous": {
"expiresAt": "2024-01-02T13:54:34.487Z"
}
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/secret',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"previous": {
"expiresAt": "2024-01-02T13:54:34.487Z"
}
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/secret"
payload = json.dumps({
"previous": {
"expiresAt": "2024-01-02T13:54:34.487Z"
}
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/secret');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "previous": {\n "expiresAt": "2024-01-02T13:54:34.487Z"\n }\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/secret")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"previous": {
"expiresAt": "2024-01-02T13:54:34.487Z"
}
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"previous\": {\n \"expiresAt\": \"2024-01-02T13:54:34.487Z\"\n }\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/resources/{{resourceID}}/secret")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
200 OK
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/resources/4ae5e950-6cf5-4109-87de-ccadd1363c13/secret"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"resource": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/resources/4ae5e950-6cf5-4109-87de-ccadd1363c13"
}
},
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"secret": "zaopVd.XwHcgm_Lf4Eo",
"previous": {
"secret": "5t_pCSKzwlA.31jkP",
"expiresAt": "2024-01-02T13:54:34.487Z"
}
}