Skip to main content
POST
/
apps
/
{client_id}
/
rotate-client-secret
curl -X POST \
  -H "Authorization: Bearer sk_workspace_test_..." \
  "https://sandbox.api.hopae.com/connect/v1/apps/HqTRDIYH/rotate-client-secret"

{
  "clientSecret": "a3f2c1e4b8d7f6a9c2e5b1d4f7a0c3e6b9d2f5a8c1e4b7d0f3a6c9e2b5d8f1a4"
}
Generates a new clientSecret for the App, immediately replacing the existing one.
This is the only time the new secret is returned. Store it immediately in a secure location (e.g. HashiCorp Vault, AWS Secrets Manager, or an encrypted DB column) — it cannot be retrieved later.
The old clientSecret is invalidated immediately. Any in-flight Basic Auth requests using the old secret will fail. Rotate only when you are ready to update your credential store atomically.

Request

Authorization
string
required
Bearer <API_KEY> from Console > Developers > Workspace API Keys.
Idempotency-Key
string
Optional client-generated string (max 255 chars) to safely retry without issuing a second rotation. Scoped per workspace; valid for 24 hours. On replay with the same key, the original response (including the same rotated clientSecret) is returned with an Idempotency-Replayed: true header so the caller can persist the secret exactly once.

Path parameters

client_id
string
required
Client identifier of the app whose secret should be rotated.

Request body

None. Send an empty body or omit the body entirely.

Response

clientSecret
string
The newly generated client secret. Use this for Basic Auth (clientId:clientSecret) when calling the Connect API.
curl -X POST \
  -H "Authorization: Bearer sk_workspace_test_..." \
  "https://sandbox.api.hopae.com/connect/v1/apps/HqTRDIYH/rotate-client-secret"

{
  "clientSecret": "a3f2c1e4b8d7f6a9c2e5b1d4f7a0c3e6b9d2f5a8c1e4b7d0f3a6c9e2b5d8f1a4"
}