
POST /v1/admin/oauth-clients/{clientId}/rotate-secret

Service: identity · operationId: (none)

Rotate client secret (old secret valid for 24h grace period)

Required scopes

(no scope declared — review service config)

Path parameters

  • clientId (string) required

Responses

200 Secret rotated — new secret shown once

{
  "type": "object",
  "properties": {
    "client": {
      "type": "object",
      "properties": {
        "id": {
          "type": "string"
        },
        "client_id": {
          "type": "string"
        },
        "client_name": {
          "type": "string"
        },
        "client_uri": {
          "type": [
            "string",
            "null"
          ]
        },
        "logo_uri": {
          "type": [
            "string",
            "null"
          ]
        },
        "client_type": {
          "type": "string",
          "enum": [
            "confidential",
            "public"
          ]
        },
        "redirect_uris": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "allowed_scopes": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "allowed_origins": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "owner_id": {
          "type": [
            "string",
            "null"
          ]
        },
        "brand_id": {
          "type": "string"
        },
        "is_first_party": {
          "type": "boolean"
        },
        "enabled": {
          "type": "boolean"
        },
        "created_at": {
          "type": "string"
        },
        "updated_at": {
          "type": "string"
        }
      },
      "required": [
        "id",
        "client_id",
        "client_name",
        "client_uri",
        "logo_uri",
        "client_type",
        "redirect_uris",
        "allowed_scopes",
        "allowed_origins",
        "owner_id",
        "brand_id",
        "is_first_party",
        "enabled",
        "created_at",
        "updated_at"
      ]
    },
    "client_secret": {
      "type": "string",
      "description": "New secret — shown ONCE. Old secret valid for 24h."
    }
  },
  "required": [
    "client",
    "client_secret"
  ]
}

400 Cannot rotate (e.g. public client)

{
  "type": "object",
  "properties": {
    "error": {
      "type": "string"
    },
    "message": {
      "type": "string"
    }
  },
  "required": [
    "error",
    "message"
  ]
}

Example

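# CLIENT_ID holds the clientId path parameter (a literal {clientId} in the URL is parsed by curl as a glob)
curl -X POST "https://identity.platform.loop.health/v1/admin/oauth-clients/${CLIENT_ID}/rotate-secret" \
  -H "Authorization: Bearer $ACCESS_TOKEN"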
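
An added example, not part of the original reference or the service's own code: one way a caller could handle the two documented responses, writing the one-time `client_secret` to an owner-only file and returning the time at which the old secret's 24h grace period ends. The function name, exception class and sample bodies are assumptions made for this illustration.

```python
import json
import os
import tempfile
from datetime import datetime, timedelta, timezone

GRACE = timedelta(hours=24)  # the old secret stays valid this long after rotation

# Constructed sample bodies (not real output), trimmed to the fields used here.
SAMPLE_200 = json.dumps({"client": {"client_id": "example-client"},
                         "client_secret": "constructed-secret-value"})
SAMPLE_400 = json.dumps({"error": "invalid_request", "message": "public client"})


class RotationRefused(Exception):
    """The documented 400 response, e.g. an attempt to rotate a public client."""


def handle_rotation(status, body, secret_path, now=None):
    """Store the one-time secret; return (client_id, time the old secret expires)."""
    now = now or datetime.now(timezone.utc)
    if status not in (200, 400):
        raise RuntimeError(f"unexpected status {status}")
    doc = json.loads(body)
    if status == 400:
        raise RotationRefused(f"{doc['error']}: {doc['message']}")
    secret = doc.get("client_secret")
    if not isinstance(secret, str) or not secret:
        raise ValueError("200 response carried no client_secret")
    # The secret is shown once, so persist it before doing anything else, and
    # never log it. mkstemp creates the file with mode 0600; the rename makes
    # the update atomic, so readers see the old or the new secret, never a mix.
    directory = os.path.dirname(os.path.abspath(secret_path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(secret)
        os.replace(tmp, secret_path)
    except BaseException:
        os.unlink(tmp)
        raise
    return doc["client"]["client_id"], now + GRACE
```

The returned cutoff is the deadline for every consumer of the old secret to have switched to the new one.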