--- title: Create Resource Client Secret description: The POST {{apiPath}}/v1/environments/{{environmentID}}/resources/{{resourceID}}/secret operation generates a new resource client secret. Any non-custom resources will return a 404 response. component: pingone-api page_id: pingone-api:platform:resources/resource-secret/create-resource-client-secret canonical_url: https://developer.pingidentity.com/pingone-api/platform/resources/resource-secret/create-resource-client-secret.html section_ids: best-practices: Best practices prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Create Resource Client Secret ## ```none POST {{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/secret ``` The `POST {{apiPath}}/v1/environments/{{environmentID}}/resources/{{resourceID}}/secret` operation generates a new resource client secret. Any non-custom resources will return a 404 response. This request supports optional parameters in the request body to designate the replaced secret as a "previous" secret that remains valid for a specified period, up to 30 days. ### Best practices * Do not store a resource's client secret in applications that are publicly available. * For security purposes, regenerate client secrets regularly. * If you suspect a resource's client secret has been compromised, generate a new client secret immediately. ### Prerequisites * Refer to [Resources](../../resources.html) for important overview information. * [Create a resource](../../resources.html#post-create-resource) to get a `{{resourceID}}` for the endpoint. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | When you change your resource's secret, PingOne endpoints that use the resource secret to authenticate requests must change to use the updated resource secret value. Secret values must be updated for `/as/token`, `/as/introspect`, `/as/par`, and `/as/revoke` requests if the associated application specifies any of these `tokenEndpointAuthMethod` values:* `CLIENT_SECRET_BASIC` * `CLIENT_SECRET_POST` * `CLIENT_SECRET_JWT`In addition, you must update any `login_hint_token` or `request` objects that use the resource client secret as the signing key. | ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "previous": { "expiresAt": "2024-01-02T13:54:34.487Z" } } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/secret' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "previous": { "expiresAt": "2024-01-02T13:54:34.487Z" } }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/secret") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""previous"": {" + "\n" + @" ""expiresAt"": ""2024-01-02T13:54:34.487Z""" + "\n" + @" }" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/secret" method := "POST" payload := strings.NewReader(`{ "previous": { "expiresAt": "2024-01-02T13:54:34.487Z" } }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/resources/{{resourceID}}/secret HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "previous": { "expiresAt": "2024-01-02T13:54:34.487Z" } } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"previous\": {\n \"expiresAt\": \"2024-01-02T13:54:34.487Z\"\n }\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/secret") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/secret", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "previous": { "expiresAt": "2024-01-02T13:54:34.487Z" } }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/secret', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "previous": { "expiresAt": "2024-01-02T13:54:34.487Z" } }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/secret" payload = json.dumps({ "previous": { "expiresAt": "2024-01-02T13:54:34.487Z" } }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/secret'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "previous": {\n "expiresAt": "2024-01-02T13:54:34.487Z"\n }\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/secret") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "previous": { "expiresAt": "2024-01-02T13:54:34.487Z" } }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"previous\": {\n \"expiresAt\": \"2024-01-02T13:54:34.487Z\"\n }\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/resources/{{resourceID}}/secret")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 200 OK ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/resources/4ae5e950-6cf5-4109-87de-ccadd1363c13/secret" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "resource": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/resources/4ae5e950-6cf5-4109-87de-ccadd1363c13" } }, "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "secret": "zaopVd.XwHcgm_Lf4Eo", "previous": { "secret": "5t_pCSKzwlA.31jkP", "expiresAt": "2024-01-02T13:54:34.487Z" } } ```