> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Start Secret Rotation

> Initiate the rotation of an M2M client secret using the Stytch API

After this endpoint is called, both the client's `client_secret` and `next_client_secret` will be valid. To complete the secret rotation flow, update all usages of `client_secret` to `next_client_secret` and call the [Rotate Secret Endpoint](/api-reference/consumer/api/m2m/rotate-secret/rotate-secret) to complete the flow. Secret rotation can be cancelled using the [Cancel Secret Rotation Endpoint](/api-reference/consumer/api/m2m/rotate-secret/cancel-secret-rotation).

<Warning>
  This is the only time you will be able to view the generated `next_client_secret` in the API response. Stytch stores a hash of the `next_client_secret` and cannot recover the value if lost. Be sure to persist the `next_client_secret` in a secure location. If the `next_client_secret` is lost, you will need to trigger a secret rotation flow to receive another one.
</Warning>


## OpenAPI

````yaml POST /v1/m2m/clients/{client_id}/secrets/rotate/start
openapi: 3.0.3
info:
  title: Stytch API
  description: The Stytch API provides endpoints for authentication and user management.
  version: 2.1.1
  contact:
    name: Stytch Support
    url: https://stytch.com/docs
    email: support@stytch.com
servers:
  - url: https://api.stytch.com
    description: Production server
  - url: https://test.stytch.com
    description: Test server
security:
  - basicAuth: []
paths:
  /v1/m2m/clients/{client_id}/secrets/rotate/start:
    post:
      tags:
        - Clients
      summary: Rotatestart
      description: >-
        Initiate the rotation of an M2M client secret. After this endpoint is
        called, both the client's `client_secret` and `next_client_secret` will
        be valid. To complete the secret rotation flow, update all usages of
        `client_secret` to `next_client_secret` and call the [Rotate Secret
        Endpoint](https://stytch.com/docs/b2b/api/m2m-rotate-secret)[Rotate
        Secret Endpoint](https://stytch.com/docs/api/m2m-rotate-secret) to
        complete the flow.Secret rotation can be cancelled using the [Rotate
        Cancel
        Endpoint](https://stytch.com/docs/b2b/api/m2m-rotate-secret-cancel)[Rotate
        Cancel Endpoint](https://stytch.com/docs/api/m2m-rotate-secret-cancel).


        **Important:** This is the only time you will be able to view the
        generated `next_client_secret` in the API response. Stytch stores a hash
        of the `next_client_secret` and cannot recover the value if lost. Be
        sure to persist the `next_client_secret` in a secure location. If the
        `next_client_secret` is lost, you will need to trigger a secret rotation
        flow to receive another one.
      operationId: api_m2m_v1_m2m_clients_secrets_RotateStart
      parameters:
        - name: client_id
          in: path
          required: true
          schema:
            type: string
            description: The ID of the client.
          description: The ID of the client.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: >-
                #/components/schemas/api_m2m_v1_m2m_clients_secrets_RotateStartRequest
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/api_m2m_v1_m2m_clients_secrets_RotateStartResponse
        '400':
          description: Bad request
        '401':
          description: Unauthorized
          content:
            application/json:
              example:
                status_code: 401
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: unauthorized_credentials
                error_message: Unauthorized credentials.
                error_url: https://stytch.com/docs/api/errors/401
        '429':
          description: Too Many Requests
          content:
            application/json:
              example:
                status_code: 429
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: too_many_requests
                error_message: Too many requests have been made.
                error_url: https://stytch.com/docs/api/errors/429
        '500':
          description: Internal server error
          content:
            application/json:
              example:
                status_code: 500
                request_id: request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141
                error_type: internal_server_error
                error_message: >-
                  Oops, something seems to have gone wrong, please reach out to
                  support@stytch.com to let us know what went wrong.
                error_url: https://stytch.com/docs/api/errors/500
      x-code-samples:
        - lang: csharp
          label: C#
          source: |-
            // POST /v1/m2m/clients/{client_id}/secrets/rotate/start
            const stytch = require('stytch');

            const client = new stytch.B2BClient({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
              client_id: "m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885",
            };

            client.M2M.Clients.Secrets.RotateStart(params)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: go
          label: Go
          source: "// POST /v1/m2m/clients/{client_id}/secrets/rotate/start\npackage main\n\nimport (\n\t\"context\"\n\t\"log\"\n\n\t\"github.com/stytchauth/stytch-go/v18/stytch/b2b/b2bstytchapi\"\n\t\"github.com/stytchauth/stytch-go/v18/stytch/consumer/m2m/clients/secrets\"\n)\n\nfunc main() {\n\tclient, err := b2bstytchapi.NewClient(\n\t\t\"${projectId}\",\n\t\t\"${secret}\",\n\t)\n\tif err != nil {\n\t\tlog.Fatalf(\"error instantiating client: %v\", err)\n\t}\n\n\tparams := &secrets.RotateStartParams{\n\t\tClientID: \"m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885\",\n\t}\n\n\tresp, err := client.M2M.Clients.Secrets.RotateStart(context.Background(), params)\n\tif err != nil {\n\t\tlog.Fatalf(\"error in method call: %v\", err)\n\t}\n\n\tlog.Println(resp)\n}\n"
        - lang: java
          label: Java
          source: >-
            // POST /v1/m2m/clients/{client_id}/secrets/rotate/start

            package com.example;


            import com.stytch.java.b2b.StytchB2BClient;

            import com.stytch.java.common.StytchResult;

            import
            com.stytch.java.consumer.models.m2mclientssecrets.RotateStartRequest;


            public class Main {
                public static void main(String[] args) {
                    StytchB2BClient.configure("${projectId}", "${secret}");

                    RotateStartRequest params = new RotateStartRequest();
                    params.setClientId("m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885");

                    Object result = StytchB2BClient.getM2M().getClients().getSecrets().rotateStart(params);
                    if (result instanceof StytchResult.Success) {
                      System.out.println(((StytchResult.Success) result).getValue());
                    } else {
                      System.out.println(((StytchResult.Error) result).getException());
                    }
                }
            }
        - lang: kotlin
          label: Kotlin
          source: >
            // POST /v1/m2m/clients/{client_id}/secrets/rotate/start

            package com.example


            import com.stytch.java.b2b.StytchB2BClient

            import
            com.stytch.java.consumer.models.m2mclientssecrets.RotateStartRequest


            fun main() {
                StytchB2BClient.configure(
                    projectId = "${projectId}",
                    secret = "${secret}",
                )

                when (
                    val result =
                        StytchB2BClient.m2m.clients.secrets.rotateStart(
                            RotateStartRequest(
                                clientId = "m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885",
                            ),
                        )
                ) {
                    is StytchResult.Success -> println(result.value)
                    is StytchResult.Error -> println(result.exception)
                }
            }
        - lang: javascript
          label: Node.js
          source: |-
            // POST /v1/m2m/clients/{client_id}/secrets/rotate/start
            const stytch = require('stytch');

            const client = new stytch.B2BClient({
              project_id: '${projectId}',
              secret: '${secret}',
            });

            const params = {
              client_id: "m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885",
            };

            client.m2m.clients.secrets.rotateStart(params)
              .then(resp => { console.log(resp) })
              .catch(err => { console.log(err) });
        - lang: php
          label: PHP
          source: |-
            $response = $client->m2m->clients->secrets->rotate_start([
                'client_id' => 'm2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885',
            ]);
        - lang: python
          label: Python
          source: |
            # POST /v1/m2m/clients/{client_id}/secrets/rotate/start
            from stytch import B2BClient

            client = B2BClient(
                project_id="${projectId}",
                secret="${secret}",
            )

            resp = client.m2m.clients.secrets.rotate_start(
                client_id="m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885",
            )

            print(resp)
        - lang: ruby
          label: Ruby
          source: |-
            # frozen_string_literal: true

            # POST /v1/m2m/clients/{client_id}/secrets/rotate/start
            require 'stytch'

            client = StytchB2B::Client.new(
              project_id: "${projectId}",
              secret: "${secret}"
            )

            resp = client.m2m.clients.secrets.rotate_start(
              client_id: "m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885"
              
            )

            puts resp
        - lang: rust
          label: Rust
          source: |-
            // POST /v1/m2m/clients/{client_id}/secrets/rotate/start
            use stytch::b2b::client::Client;
            use stytch::consumer::m2m_clients_secrets::RotateStartRequest;

            fn main() {
                let client = Client::new("${projectId}", "${secret}").unwrap();
                let resp = client.m2m.clients.secrets.rotate_start(
                    RotateStartRequest{
                        client_id: "m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885",
                        ..Default::default()
                    }
                ).await;
                println!("The response is {:?}", resp);
            }
        - lang: bash
          label: cURL
          source: |-
            # POST /v1/m2m/clients/{client_id}/secrets/rotate/start
            curl --request POST \
              --url https://test.stytch.com/v1/m2m/clients/m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885/secrets/rotate/start \
              -u '${projectId}:${secret}' \
              -H 'Content-Type: application/json'
components:
  schemas:
    api_m2m_v1_m2m_clients_secrets_RotateStartRequest:
      type: object
      properties: {}
      description: Request type
    api_m2m_v1_m2m_clients_secrets_RotateStartResponse:
      type: object
      properties:
        request_id:
          type: string
          description: >-
            Globally unique UUID that is returned with every API call. This
            value is important to log for debugging purposes; we may ask for
            this value to help identify a specific API call when helping you
            debug an issue.
        m2m_client:
          $ref: '#/components/schemas/api_m2m_v1_M2MClientWithNextClientSecret'
          description: The M2M Client affected by this operation.
        status_code:
          type: integer
          format: int32
          description: >-
            The HTTP status code of the response. Stytch follows standard HTTP
            response status code patterns, e.g. 2XX values equate to success,
            3XX values are redirects, 4XX are client errors, and 5XX are server
            errors.
      required:
        - request_id
        - m2m_client
        - status_code
    api_m2m_v1_M2MClientWithNextClientSecret:
      type: object
      properties:
        client_id:
          type: string
          description: The ID of the client.
        next_client_secret:
          type: string
          description: >-
            The newly created secret that's next in rotation for the client.
            **Important:** this is the only time you will be able to view the
            `next_client_secret`. Be sure to persist the `next_client_secret` in
            a secure location. If the `next_client_secret` is lost, you will
            need to trigger a secret rotation flow to receive another one.
        client_name:
          type: string
          description: A human-readable name for the client.
        client_description:
          type: string
          description: A human-readable description for the client.
        status:
          type: string
          description: The status of the client - either `active` or `inactive`.
        scopes:
          type: array
          items:
            type: string
          description: An array of scopes assigned to the client.
        client_secret_last_four:
          type: string
          description: The last four characters of the client secret.
        trusted_metadata:
          type: object
          additionalProperties: true
          description: An arbitrary JSON object for storing application-specific data.
        next_client_secret_last_four:
          type: string
          description: >-
            The last four characters of the `next_client_secret`. Null if no
            `next_client_secret` exists.
      required:
        - client_id
        - next_client_secret
        - client_name
        - client_description
        - status
        - scopes
        - client_secret_last_four
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic

````