Start Secret Rotation

// POST /v1/m2m/clients/{client_id}/secrets/rotate/start
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  client_id: "${exampleM2MClientID}",
};

client.M2M.Clients.Secrets.RotateStart(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "m2m_client": {
    "client_id": "<string>",
    "next_client_secret": "<string>",
    "client_name": "<string>",
    "client_description": "<string>",
    "status": "<string>",
    "scopes": [
      "<string>"
    ],
    "client_secret_last_four": "<string>",
    "trusted_metadata": {},
    "next_client_secret_last_four": "<string>"
  },
  "status_code": 123
}

POST

m2m

clients

{client_id}

secrets

rotate

start

// POST /v1/m2m/clients/{client_id}/secrets/rotate/start
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  client_id: "${exampleM2MClientID}",
};

client.M2M.Clients.Secrets.RotateStart(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "m2m_client": {
    "client_id": "<string>",
    "next_client_secret": "<string>",
    "client_name": "<string>",
    "client_description": "<string>",
    "status": "<string>",
    "scopes": [
      "<string>"
    ],
    "client_secret_last_four": "<string>",
    "trusted_metadata": {},
    "next_client_secret_last_four": "<string>"
  },
  "status_code": 123
}

After this endpoint is called, both the client’s client_secret and next_client_secret will be valid. To complete the secret rotation flow, update all usages of client_secret to next_client_secret and call the Rotate Secret Endpoint to complete the flow. Secret rotation can be cancelled using the Rotate Cancel Endpoint.

The API response is the only time you will be able to view the generated next_client_secret. Stytch stores a hash of the next_client_secret and cannot recover the value if lost. Be sure to persist the next_client_secret in a secure location. If the next_client_secret is lost, you will need to trigger a secret rotation flow to receive another one.

Authorizations

Authorization

string

header

required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Path Parameters

client_id

string

required

The ID of the client.

Body

application/json

Request type

Response

Successful response

request_id

string

required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

m2m_client

object

required

The M2M Client affected by this operation.

Show child attributes

status_code

integer<int32>

required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

⌘I