Rotate client secret

How to rotate your OAuth2.0 machine-to-machine client secret?


Last updated 9 months ago

In order to keep your account safe, we recommend that you rotate your OAuth2.0 machine-to-machine client secret regularly.

Prerequisites

  • You created an OAuth2.0 machine-to-machine client for your account as described in Authentication.

Impact

The client secret is necessary for your OAuth2.0 machine-to-machine client to request an access token which, in turn, is used to access the TradeAware API.

Rotating the client secret invalidates your existing client secret immediately (more precisely, after a delay of up to 30 seconds). From then on, any attempt to request a new access token with the previous client secret will fail.

Only the new client secret will enable a successful request for a new access token.

This means you should expect some downtime between the secret rotation and the point at which your application has been updated with the new secret, including any necessary redeployments. For more information, see Downtime.

How to

Before we dive into the step-by-step guide, please be aware of the following:

Depending on your application's hosting provider, you may need to redeploy the application for changed environment variables and environment secrets to take effect. Consult your hosting provider's documentation before continuing with the following steps.

Step-by-step

  • Log in to the TradeAware Web App and navigate to the Developer Tools. Instead of using the URL directly, you can also do the following: after login, click the profile icon in the bottom left corner, then choose "Manage Account". Then, click "Developer Tools".

  • On the Developer Tools page, click the heading of the "Danger Zone" section to display further options.

  • Under the section "Rotate Secret", click the red button "Rotate".

  • A dialog opens for you to confirm the secret rotation. Follow the instructions in the dialog and confirm the dialog with "Rotate". WARNING: THIS ACTION IS IMMEDIATE AND CANNOT BE REVERTED.

  • Next, the dialog will close and bring you back to the Developer Tools. In the field "Client Secret", copy your new client secret.

  • Update your application to use the new client secret.

Downtime

We currently do not support client secret rotation with zero downtime.

You may be able to achieve zero downtime coincidentally by timing the secret rotation right after your OAuth2.0 machine-to-machine client requested a new access token. However, this is difficult to time.
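The behaviour described under Impact and Downtime, as an added example that is not TradeAware code: a token cache that keeps using its current access token, and on a rejected secret re-reads the deployed secret once before failing. It assumes the token endpoint answers a stale secret with HTTP 401 and `error: invalid_client` (the RFC 6749 convention) and that already-issued access tokens stay usable until they expire, as the Downtime section implies; `TokenProvider`, `load_secret` and `post_token` are hypothetical names.

```python
import time

class SecretRejected(Exception):
    """The token endpoint refused the secret and no newer one is deployed."""

class TokenProvider:
    """Caches a client-credentials access token and picks up a rotated secret.

    load_secret: callable returning the currently deployed client secret.
    post_token:  callable(client_id, secret) -> (http_status, json_dict). In a
                 real client this POSTs grant_type=client_credentials to the
                 token URL; it is injected here so the sketch runs offline.
    """

    def __init__(self, client_id, load_secret, post_token, clock=time.time, skew=60):
        self.client_id = client_id
        self.load_secret = load_secret
        self.post_token = post_token
        self.clock = clock
        self.skew = skew              # refresh this many seconds before expiry
        self._secret = load_secret()
        self._token = None
        self._expires_at = 0.0

    def seconds_until_refresh(self):
        """Time left before the next token request, i.e. before the secret is needed again."""
        return max(0.0, self._expires_at - self.skew - self.clock())

    def get_token(self):
        if self._token and self.seconds_until_refresh() > 0:
            return self._token        # cached token: the secret is not used
        status, body = self.post_token(self.client_id, self._secret)
        if status == 401 and body.get("error") == "invalid_client":
            fresh = self.load_secret()        # the secret may have been rotated
            if fresh == self._secret:
                raise SecretRejected("secret rejected; deploy the rotated secret")
            self._secret = fresh
            status, body = self.post_token(self.client_id, fresh)
        if status != 200:
            raise SecretRejected(f"token request failed: {status} {body.get('error')}")
        self._token = body["access_token"]
        self._expires_at = self.clock() + body["expires_in"]
        return self._token
```

`seconds_until_refresh()` is the window in which the new secret has to reach the application if the rotation is to cause no failed token request.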

Programmatically rotating client secrets

We currently do not support this feature. If you are interested in this functionality, please contact support.
